Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-34049 (GCVE-0-2023-34049)
Vulnerability from cvelistv5 – Published: 2024-11-14 04:13 – Updated: 2024-11-14 15:20| Vendor | Product | Version | |
|---|---|---|---|
| Salt | SALT |
Affected:
3005 , < 3005.4
(oss)
Affected: 3004 , < 3006.4 (oss) |
|
| salt_project | salt |
Affected:
3005 , < 3005.4
(custom)
Affected: 3004 , < 3006.4 (custom) cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "salt",
"vendor": "salt_project",
"versions": [
{
"lessThan": "3005.4",
"status": "affected",
"version": "3005",
"versionType": "custom"
},
{
"lessThan": "3006.4",
"status": "affected",
"version": "3004",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:12:53.355210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:20:15.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "SALT",
"product": "SALT",
"vendor": "Salt",
"versions": [
{
"lessThan": "3005.4",
"status": "affected",
"version": "3005",
"versionType": "oss"
},
{
"lessThan": "3006.4",
"status": "affected",
"version": "3004",
"versionType": "oss"
}
]
}
],
"datePublic": "2023-10-28T04:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eDo not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T04:13:55.255Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://saltproject.io/security-announcements/2023-10-27-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Salt security advisory release - 2023-OCT-27",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34049",
"datePublished": "2024-11-14T04:13:55.255Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2024-11-14T15:20:15.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-34049",
"date": "2026-07-17",
"epss": "0.00187",
"percentile": "0.08455"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\"}, {\"lang\": \"es\", \"value\": \"La opci\\u00f3n de pre-vuelo de Salt-SSH copia el script al destino en una ruta predecible, lo que permite a un atacante forzar a Salt-SSH a ejecutar su script. Si un atacante tiene acceso a la m\\u00e1quina virtual de destino y conoce la ruta al script de pre-vuelo antes de que se ejecute, puede asegurarse de que Salt-SSH ejecute su script con los privilegios del usuario que ejecuta Salt-SSH. No haga que la ruta de copia en el destino sea predecible y aseg\\u00farese de verificar los c\\u00f3digos de retorno del comando scp si la copia falla.\"}]",
"id": "CVE-2023-34049",
"lastModified": "2024-11-15T13:58:08.913",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}]}",
"published": "2024-11-14T05:15:28.260",
"references": "[{\"url\": \"https://saltproject.io/security-announcements/2023-10-27-advisory/\", \"source\": \"security@vmware.com\"}]",
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-34049\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-11-14T05:15:28.260\",\"lastModified\":\"2026-06-17T06:02:48.060\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\"},{\"lang\":\"es\",\"value\":\"La opci\u00f3n de pre-vuelo de Salt-SSH copia el script al destino en una ruta predecible, lo que permite a un atacante forzar a Salt-SSH a ejecutar su script. Si un atacante tiene acceso a la m\u00e1quina virtual de destino y conoce la ruta al script de pre-vuelo antes de que se ejecute, puede asegurarse de que Salt-SSH ejecute su script con los privilegios del usuario que ejecuta Salt-SSH. No haga que la ruta de copia en el destino sea predecible y aseg\u00farese de verificar los c\u00f3digos de retorno del comando scp si la copia falla.\"}],\"affected\":[{\"source\":\"security@vmware.com\",\"affectedData\":[{\"vendor\":\"Salt\",\"product\":\"SALT\",\"defaultStatus\":\"unaffected\",\"packageName\":\"SALT\",\"versions\":[{\"version\":\"3005\",\"lessThan\":\"3005.4\",\"versionType\":\"oss\",\"status\":\"affected\"},{\"version\":\"3004\",\"lessThan\":\"3006.4\",\"versionType\":\"oss\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"salt_project\",\"product\":\"salt\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"3005\",\"lessThan\":\"3005.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"3004\",\"lessThan\":\"3006.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-11-14T15:12:53.355210Z\",\"id\":\"CVE-2023-34049\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"references\":[{\"url\":\"https://saltproject.io/security-announcements/2023-10-27-advisory/\",\"source\":\"security@vmware.com\"}]}}",
"redhat_vex": {
"current_release_date": "2025-11-21T15:04:12+00:00",
"cve": "CVE-2023-34049",
"id": "CVE-2023-34049",
"initial_release_date": "2023-10-30T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "salt: allows an attacker to force Salt-SSH to run their script",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34049.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-34049\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-14T15:12:53.355210Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*\"], \"vendor\": \"salt_project\", \"product\": \"salt\", \"versions\": [{\"status\": \"affected\", \"version\": \"3005\", \"lessThan\": \"3005.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3004\", \"lessThan\": \"3006.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T15:18:00.386Z\"}}], \"cna\": {\"title\": \"Salt security advisory release - 2023-OCT-27\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Salt\", \"product\": \"SALT\", \"versions\": [{\"status\": \"affected\", \"version\": \"3005\", \"lessThan\": \"3005.4\", \"versionType\": \"oss\"}, {\"status\": \"affected\", \"version\": \"3004\", \"lessThan\": \"3006.4\", \"versionType\": \"oss\"}], \"packageName\": \"SALT\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-10-28T04:08:00.000Z\", \"references\": [{\"url\": \"https://saltproject.io/security-announcements/2023-10-27-advisory/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(254, 254, 254);\\\"\u003eDo not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-11-14T04:13:55.255Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-34049\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-14T15:20:15.288Z\", \"dateReserved\": \"2023-05-25T17:21:56.202Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-11-14T04:13:55.255Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2023:4412-1
Vulnerability from csaf_suse - Published: 2023-11-09 02:50 - Updated: 2023-11-09 02:50| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.9-150400.3.90.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\n- Update to SUSE Manager 4.3.9\n * Debian 12 support as client\n * New Update Notification (jsc#SUMA-111)\n * Monitoring: Grafana upgraded to 9.5.8\n * Update \u0027saltkey\u0027 endpoints to accept GET instead of POST\n * CVEs fixed:\n CVE-2023-34049\n * Bugs mentioned:\n bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270, bsc#1211912\n bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469\n bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463\n bsc#1214553, bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412\n bsc#1215514, bsc#1216661, bsc#1215157\n \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4412,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4412-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4412-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234412-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4412-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017009.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204270",
"url": "https://bugzilla.suse.com/1204270"
},
{
"category": "self",
"summary": "SUSE Bug 1211047",
"url": "https://bugzilla.suse.com/1211047"
},
{
"category": "self",
"summary": "SUSE Bug 1211145",
"url": "https://bugzilla.suse.com/1211145"
},
{
"category": "self",
"summary": "SUSE Bug 1211270",
"url": "https://bugzilla.suse.com/1211270"
},
{
"category": "self",
"summary": "SUSE Bug 1211912",
"url": "https://bugzilla.suse.com/1211912"
},
{
"category": "self",
"summary": "SUSE Bug 1212168",
"url": "https://bugzilla.suse.com/1212168"
},
{
"category": "self",
"summary": "SUSE Bug 1212507",
"url": "https://bugzilla.suse.com/1212507"
},
{
"category": "self",
"summary": "SUSE Bug 1213132",
"url": "https://bugzilla.suse.com/1213132"
},
{
"category": "self",
"summary": "SUSE Bug 1213376",
"url": "https://bugzilla.suse.com/1213376"
},
{
"category": "self",
"summary": "SUSE Bug 1213469",
"url": "https://bugzilla.suse.com/1213469"
},
{
"category": "self",
"summary": "SUSE Bug 1213680",
"url": "https://bugzilla.suse.com/1213680"
},
{
"category": "self",
"summary": "SUSE Bug 1213689",
"url": "https://bugzilla.suse.com/1213689"
},
{
"category": "self",
"summary": "SUSE Bug 1214041",
"url": "https://bugzilla.suse.com/1214041"
},
{
"category": "self",
"summary": "SUSE Bug 1214121",
"url": "https://bugzilla.suse.com/1214121"
},
{
"category": "self",
"summary": "SUSE Bug 1214463",
"url": "https://bugzilla.suse.com/1214463"
},
{
"category": "self",
"summary": "SUSE Bug 1214553",
"url": "https://bugzilla.suse.com/1214553"
},
{
"category": "self",
"summary": "SUSE Bug 1214746",
"url": "https://bugzilla.suse.com/1214746"
},
{
"category": "self",
"summary": "SUSE Bug 1215027",
"url": "https://bugzilla.suse.com/1215027"
},
{
"category": "self",
"summary": "SUSE Bug 1215120",
"url": "https://bugzilla.suse.com/1215120"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE Bug 1215412",
"url": "https://bugzilla.suse.com/1215412"
},
{
"category": "self",
"summary": "SUSE Bug 1215514",
"url": "https://bugzilla.suse.com/1215514"
},
{
"category": "self",
"summary": "SUSE Bug 1216661",
"url": "https://bugzilla.suse.com/1216661"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Server 4.3",
"tracking": {
"current_release_date": "2023-11-09T02:50:01Z",
"generator": {
"date": "2023-11-09T02:50:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4412-1",
"initial_release_date": "2023-11-09T02:50:01Z",
"revision_history": [
{
"date": "2023-11-09T02:50:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.9-150400.3.90.1.noarch",
"product": {
"name": "release-notes-susemanager-4.3.9-150400.3.90.1.noarch",
"product_id": "release-notes-susemanager-4.3.9-150400.3.90.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"product": {
"name": "release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"product_id": "release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch"
},
"product_reference": "release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.9-150400.3.90.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.9-150400.3.90.1.noarch"
},
"product_reference": "release-notes-susemanager-4.3.9-150400.3.90.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.9-150400.3.90.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.9-150400.3.90.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.9-150400.3.69.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.9-150400.3.90.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-09T02:50:01Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
SUSE-SU-2023:4748-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:24 - Updated: 2023-12-13 09:24| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4748,SUSE-SLE-Manager-Tools-12-2023-4748",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4748-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4748-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234748-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4748-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017373.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:24:14Z",
"generator": {
"date": "2023-12-13T09:24:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4748-1",
"initial_release_date": "2023-12-13T09:24:14Z",
"revision_history": [
{
"date": "2023-12-13T09:24:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.aarch64",
"product_id": "venv-salt-minion-3006.0-3.46.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-3.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-3.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-3.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-3.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-3.9.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-3.9.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-3.9.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-3.9.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-3.12.5.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-3.12.5.noarch",
"product_id": "saltbundlepy-py-1.10.0-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-3.9.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-3.9.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-3.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-3.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-3.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"product_id": "venv-salt-minion-3006.0-3.46.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.s390x",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.s390x",
"product_id": "venv-salt-minion-3006.0-3.46.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.x86_64",
"product_id": "venv-salt-minion-3006.0-3.46.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:24:14Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
SUSE-SU-2023:4749-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:26 - Updated: 2023-12-13 09:26| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4749,SUSE-SLE-Manager-Tools-15-2023-4749,SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4749-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4749-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234749-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4749-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-December/033085.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:26:13Z",
"generator": {
"date": "2023-12-13T09:26:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4749-1",
"initial_release_date": "2023-12-13T09:26:13Z",
"revision_history": [
{
"date": "2023-12-13T09:26:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-150000.3.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch",
"product_id": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:26:13Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
SUSE-SU-2023:4757-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:33 - Updated: 2023-12-13 09:33| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4757,SUSE-EL-9-CLIENT-TOOLS-2023-4757",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4757-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4757-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234757-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4757-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017369.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:33:43Z",
"generator": {
"date": "2023-12-13T09:33:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4757-1",
"initial_release_date": "2023-12-13T09:33:43Z",
"revision_history": [
{
"date": "2023-12-13T09:33:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64",
"product_id": "venv-salt-minion-3006.0-1.30.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-1.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-1.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-1.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"product_id": "saltbundlepy-py-1.10.0-1.9.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"product_id": "venv-salt-minion-3006.0-1.30.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.s390x",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x",
"product_id": "venv-salt-minion-3006.0-1.30.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64",
"product_id": "venv-salt-minion-3006.0-1.30.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product": {
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product": {
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch"
},
"product_reference": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch"
},
"product_reference": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch"
},
"product_reference": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch"
},
"product_reference": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-editables-0.3-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch"
},
"product_reference": "saltbundlepy-editables-0.3-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch"
},
"product_reference": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch"
},
"product_reference": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch"
},
"product_reference": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch"
},
"product_reference": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch"
},
"product_reference": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch"
},
"product_reference": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch"
},
"product_reference": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch"
},
"product_reference": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch"
},
"product_reference": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch"
},
"product_reference": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:33:43Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
ubuntu-cve-2023-34049
Vulnerability from osv_ubuntu
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "salt-common",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm5"
},
{
"binary_name": "salt-master",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm5"
},
{
"binary_name": "salt-minion",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm5"
},
{
"binary_name": "salt-ssh",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm5"
},
{
"binary_name": "salt-syndic",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@0.17.5+ds-1ubuntu0.1~esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.16.0-1",
"0.16.4-2",
"0.17.1+dfsg-1",
"0.17.2-1",
"0.17.2-2",
"0.17.2-3",
"0.17.4-1",
"0.17.4-2",
"0.17.5-1",
"0.17.5+ds-1",
"0.17.5+ds-1ubuntu0.1~esm1",
"0.17.5+ds-1ubuntu0.1~esm2",
"0.17.5+ds-1ubuntu0.1~esm4",
"0.17.5+ds-1ubuntu0.1~esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "salt-api",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-cloud",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-common",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-master",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-minion",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-proxy",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-ssh",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
},
{
"binary_name": "salt-syndic",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@2015.8.8+ds-1ubuntu0.1+esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2015.5.3+ds-1",
"2015.8.1+ds-2",
"2015.8.3+ds-1",
"2015.8.3+ds-2",
"2015.8.3+ds-3",
"2015.8.5+ds-1",
"2015.8.7+ds-1",
"2015.8.8+ds-1",
"2015.8.8+ds-1ubuntu0.1~esm1",
"2015.8.8+ds-1ubuntu0.1",
"2015.8.8+ds-1ubuntu0.1+esm1",
"2015.8.8+ds-1ubuntu0.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "salt-api",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-cloud",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-common",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-master",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-minion",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-proxy",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-ssh",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
},
{
"binary_name": "salt-syndic",
"binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@2017.7.4+dfsg1-1ubuntu18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2016.11.5+ds-1",
"2016.11.8+dfsg1-1",
"2017.7.2+dfsg1-2ubuntu1",
"2017.7.3+dfsg1-1",
"2017.7.4+dfsg1-1",
"2017.7.4+dfsg1-1ubuntu18.04.1",
"2017.7.4+dfsg1-1ubuntu18.04.2",
"2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "salt-api",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-cloud",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-common",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-master",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-minion",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-proxy",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-ssh",
"binary_version": "3004.1+dfsg-2"
},
{
"binary_name": "salt-syndic",
"binary_version": "3004.1+dfsg-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@3004.1+dfsg-2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3002.6+dfsg1-4",
"3002.7+dfsg1-1",
"3004+dfsg1-4",
"3004+dfsg1-5",
"3004+dfsg1-6ubuntu1",
"3004+dfsg1-7",
"3004+dfsg1-8",
"3004.1+dfsg-2"
]
}
],
"aliases": [],
"details": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"id": "UBUNTU-CVE-2023-34049",
"modified": "2026-04-08T12:28:55Z",
"published": "2024-11-14T05:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-34049"
},
{
"type": "REPORT",
"url": "https://saltproject.io/security-announcements/2023-10-27-advisory/index.html"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34049"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-34049"
]
}
WID-SEC-W-2023-2769
Vulnerability from csaf_certbund - Published: 2023-10-29 23:00 - Updated: 2024-12-08 23:00Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht in der Salt-SSH Preflight-Option aufgrund eines vorhersehbaren Pfades, der es erlaubt, ein Skript in ein Preflight-Skript auf die Ziel-VM zu kopieren. Ein lokaler Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SaltStack Salt <3006.4
SaltStack / Salt
|
<3006.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
SaltStack Salt <3005.4
SaltStack / Salt
|
<3005.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Salt bietet Infrastrukturverwaltung auf der Grundlage eines dynamischen Kommunikationsbusses.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in SaltStack Salt ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2769 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2769.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2769 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2769"
},
{
"category": "external",
"summary": "Salt security advisory vom 2023-10-29",
"url": "https://saltproject.io/security-announcements/2023-10-27-advisory/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-747E8B0AB1 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-747e8b0ab1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-89E8F3EFC5 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-89e8f3efc5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3EDA7B85F5 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3eda7b85f5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-A6699DF922 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a6699df922"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4386-1 vom 2023-11-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4387-1 vom 2023-11-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017013.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-202311:15242-1 vom 2023-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4754-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017370.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4752-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4748-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017373.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4742-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4757-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017369.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4749-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017374.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4753-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017371.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-09 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-09"
}
],
"source_lang": "en-US",
"title": "SaltStack Salt: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-12-08T23:00:00.000+00:00",
"generator": {
"date": "2024-12-09T09:21:38.743+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2023-2769",
"initial_release_date": "2023-10-29T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-12-14T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3006.4",
"product": {
"name": "SaltStack Salt \u003c3006.4",
"product_id": "T030826"
}
},
{
"category": "product_version",
"name": "3006.4",
"product": {
"name": "SaltStack Salt 3006.4",
"product_id": "T030826-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:saltstack:salt:3006.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3005.4",
"product": {
"name": "SaltStack Salt \u003c3005.4",
"product_id": "T030827"
}
},
{
"category": "product_version",
"name": "3005.4",
"product": {
"name": "SaltStack Salt 3005.4",
"product_id": "T030827-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:saltstack:salt:3005.4"
}
}
}
],
"category": "product_name",
"name": "Salt"
}
],
"category": "vendor",
"name": "SaltStack"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht in der Salt-SSH Preflight-Option aufgrund eines vorhersehbaren Pfades, der es erlaubt, ein Skript in ein Preflight-Skript auf die Ziel-VM zu kopieren. Ein lokaler Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T002207",
"T030826",
"T012167",
"T030827",
"74185"
]
},
"release_date": "2023-10-29T23:00:00.000+00:00",
"title": "CVE-2023-34049"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.