CVE-2024-38824: 
Python vulnerability analysis and mitigation

A directory traversal vulnerability has been identified in the recv_file method, tracked as CVE-2024-38824. The vulnerability was discovered and initially published on June 13, 2025, affecting Salt Project software. This critical security issue allows arbitrary files to be written to the master cache directory (Wiz Report).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 9.6 (Critical) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, requires no user interaction, has changed scope, and can result in high impact to both confidentiality and integrity, while having no impact on availability (Salt Release Notes, Wiz Report).

The vulnerability allows attackers to write arbitrary files to the master cache directory, potentially leading to significant security implications. The high confidentiality and integrity impact ratings suggest that successful exploitation could result in unauthorized access to sensitive information and the ability to modify critical system files (Salt Release Notes).

Patches for this vulnerability have been released in Salt versions 3006.12 and 3007.4. Users are strongly advised to upgrade to these patched versions to address the security issue (Salt Release Notes, Salt 3007.4).