VYPR
Medium severity6.7GHSA Advisory· Published Nov 14, 2024· Updated Apr 15, 2026

CVE-2023-34049

CVE-2023-34049

Description

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 3005.43005.4
saltPyPI
>= 3006.0rc1, < 3006.43006.4

Affected products

83

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.