Skip to main content

Salt CVE-2024-38824

| EUVDEUVD-2024-54682 CRITICAL
Path Traversal (CWE-22)
2025-06-13 security@vmware.com GHSA-8pcp-r83j-fc92
Critical
Disputed · 9.6 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Ubuntu
MEDIUM
qualitative
SUSE
CRITICAL
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 21:34 euvd
EUVD-2024-54682
Analysis Generated
Mar 14, 2026 - 21:34 vuln.today
CVE Published
Jun 13, 2025 - 08:15 nvd
CRITICAL 9.6

DescriptionCVE.org

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

AnalysisAI

Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.

Technical ContextAI

This vulnerability exploits improper input validation in the recv_file method, classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). The root cause involves insufficient sanitization of file paths before writing to the cache directory, allowing attackers to use path traversal sequences (e.g., '../', '..\') to escape the intended directory boundary and write files to arbitrary locations within the master cache filesystem. The affected technology likely involves distributed computing, caching systems, or remote file transfer protocols where multiple nodes interact with shared cache directories. Without specific CPE data provided, the vulnerability appears to impact cache management systems or similar infrastructure components that handle file operations across trust boundaries.

RemediationAI

  1. IMMEDIATE: Identify and inventory all systems running software with vulnerable recv_file implementations. 2) PATCH: Apply vendor security updates as released (specific patch versions not provided in briefing—consult vendor advisories directly). 3) WORKAROUNDS (if patches unavailable): Implement strict input validation on all file path parameters before reaching recv_file, enforce chroot/jail restrictions on cache directory access, use allowlist-based path validation rejecting '../' and similar sequences, implement filesystem-level protections (read-only parent directories, restrictive permissions). 4) DETECTION: Monitor for HTTP requests/protocol messages containing path traversal sequences ('../', '..\', Unicode encodings) targeting recv_file endpoints; audit cache directory for unexpected files. 5) ACCESS CONTROL: Restrict authentication credentials for cache systems; implement network segmentation limiting access to cache directories.

More in Salt

View all
CVE-2021-25281 CRITICAL POC
9.8 Feb 27

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2020-25592 CRITICAL POC
9.8 Nov 06

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (

CVE-2020-16846 CRITICAL POC
9.8 Nov 06

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2020-11651 CRITICAL POC
9.8 Apr 30

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated critical severity (CVSS 9.8), th

CVE-2021-25282 CRITICAL POC
9.1 Feb 27

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2020-11652 MEDIUM POC
6.5 Apr 30

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated medium severity (CVSS 6.5), this

CVE-2021-31607 HIGH POC
7.8 Apr 23

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for

CVE-2013-6617 CRITICAL
10.0 Nov 05

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it ea

CVE-2013-4437 CRITICAL
10.0 Nov 05

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "inse

CVE-2017-12791 CRITICAL
9.8 Aug 23

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.

CVE-2017-14695 CRITICAL
9.8 Oct 24

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8,

CVE-2021-3197 CRITICAL
9.8 Feb 27

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remot

Vendor StatusVendor

Ubuntu

Priority: Medium
salt
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -

Debian

salt
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

SUSE

Severity: Critical
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 Affected
Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1 Affected
Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.40 Container suse/sl-micro/6.0/base-os-container:2.1.3-4.37 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-4.39 Container suse/sl-micro/6.0/rt-os-container:2.1.3-5.38 Container suse/sl-micro/6.0/toolbox:13.2-9.1 Affected
Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-GCE Affected

Share

CVE-2024-38824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy