MEDIUM 6.3

GHSA-xh32-3m67-qjgf

Salt allows arbitrary directory creation or file deletion

Details

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 3007.0rc1 Fixed in: 3007.4

Fix pip install --upgrade 'salt>=3007.4'

PyPI / salt

Introduced in: 3006.0rc1 Fixed in: 3006.12

Fix pip install --upgrade 'salt>=3006.12'

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22240 [ADVISORY]
https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3 [WEB]
https://docs.saltproject.io/en/3006/topics/releases/3006.12.html [WEB]
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html [WEB]
https://github.com/saltstack/salt [PACKAGE]