{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "salt-cve20143563-symlink(95392)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"}, {"name": "[oss-security] 20140821 Revised: Salt 2014.1.10 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q3/428"}, {"name": "69319", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69319"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.331Z"}, "title": "CVE Program Container", "references": [{"name": "salt-cve20143563-symlink(95392)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"}, {"name": "[oss-security] 20140821 Revised: Salt 2014.1.10 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q3/428"}, {"name": "69319", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69319"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3563", "datePublished": "2014-08-22T17:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B68CA5F8-0A4B-4B03-A20D-5057F2E643DD", "versionEndIncluding": "2014.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Salt (tambi\u00e9n conocido como SaltStack) anterior a 2014.1.10 permiten a usuarios locales tener un impacto no especificado a trav\u00e9s de vectores relacionados con la creaci\u00f3n de ficheros temporales en (1) seed.py, (2) salt-ssh, o (3) salt-cloud."}], "id": "CVE-2014-3563", "lastModified": "2024-11-21T02:08:22.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-22T17:55:02.517", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://seclists.org/oss-sec/2014/q3/428"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/69319"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://seclists.org/oss-sec/2014/q3/428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "salt: insecure tmp file creation in seed.py, salt-ssh, and salt-cloud", "id": "1135361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1135361"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud."], "name": "CVE-2014-3563", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "ice-1.2", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2014-08-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3563\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3563\nhttp://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html\nhttps://github.com/saltstack/salt/releases/tag/v2014.1.10"], "statement": "Inktank Ceph Enterprise 1.2 only receives qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix: http://www.inktank.com/enterprise/support/", "threat_severity": "Moderate"}