CVE-2023-20898 — MEDIUM (4.2)

Q: How severe is CVE-2023-20898?

CVE-2023-20898 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-20898?

Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.

Vulnerability Description

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Saltstack	Salt	< 3005.2

References

https://lists.fedoraproject.org/archives/list/[email protected]
https://saltproject.io/security-announcements/2023-08-10-advisory/MitigationVendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]
https://saltproject.io/security-announcements/2023-08-10-advisory/MitigationVendor Advisory

FAQ

What is CVE-2023-20898?

CVE-2023-20898 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environ...

How severe is CVE-2023-20898?

CVE-2023-20898 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20898?

Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.