Salt Master Git Provider Cache Dir Collision (3005.1, 3006.1): CVE-2023-20898 September 2023

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

Vulnerability Analysis

CVE-2023-20898 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Products Associated with CVE-2023-20898

Want to know whenever a new CVE is published for SaltStack Salt? stack.watch will email you.

Exploit Probability

EPSS

0.09%

Percentile

25.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Salt Master Git Provider Cache Dir Collision (3005.1, 3006.1)CVE-2023-20898 Published on September 5, 2023

Vulnerability Analysis

Products Associated with CVE-2023-20898

Exploit Probability

Salt Master Git Provider Cache Dir Collision (3005.1, 3006.1)
CVE-2023-20898 Published on September 5, 2023