Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-34049
CVE-2023-34049:
Python vulnerability analysis and mitigation
Overview
The Salt-SSH pre-flight option vulnerability (CVE-2023-34049) was discovered in Salt Project software. The vulnerability allows an attacker to force Salt-SSH to run their malicious script by exploiting a predictable path where the pre-flight script is copied to the target system (Salt Advisory).
Technical details
The vulnerability stems from the Salt-SSH pre-flight option's functionality where it copies scripts to the target at a predictable path. The vulnerability has been assigned a CVSS v3.0 score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with local access requirements (Salt Advisory).
Impact
If successfully exploited, an attacker with access to the target VM can execute their malicious script with the privileges of the user running Salt-SSH, potentially leading to privilege escalation and unauthorized command execution (Salt Advisory).
Mitigation and workarounds
The vulnerability has been patched in Salt versions 3005.4 and 3006.4. The fix involves modifying the copy path on the target to be unpredictable and implementing proper return code checking for the scp command (Salt Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management