CVE-2023-20898

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-20898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-20898
Aliases
Related
Published
2023-09-05T11:15:33Z
Modified
2024-09-03T04:22:39.049382Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5
old-branch-2015.8

old-branch-2016.*

old-branch-2016.3

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

v2014.*

v2014.1
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2014.7.9

v2015.*

v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.11
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.13
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9

v2016.*

v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.11.3
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.9
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.3.5
v2016.3.6
v2016.9

v2017.*

v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2017.7.1
v2017.7.2
v2017.7.3
v2017.7.4
v2017.7.5
v2017.7.6
v2017.7.7
v2017.7.8

v2018.*

v2018.11
v2018.2
v2018.3
v2018.3.0
v2018.3.0rc1
v2018.3.1
v2018.3.2
v2018.3.3
v2018.3.4

v2019.*

v2019.2
v2019.2.0
v2019.2.0rc1
v2019.2.0rc2
v2019.2.1
v2019.2.1rc1

Other

v3000
v3000_docs
v3001
v3001rc1
v3002
v3002rc1
v3003rc1
v3005
v3005rc1
v3005rc2

v3000.*

v3000.0rc1
v3000.0rc2
v3000.1

v3001.*

v3001.1

v3002.*

v3002.2
v3002.3
v3002.4
v3002.5

v3005.*

v3005.1
v3005.1-2
v3005.1-3
v3005.1-4