Miggo Logo

CVE-2015-1838: Salt improper handling of tmp files

5.3

CVSS Score
3.0

Basic Information

EPSS Score
0.38193%
CWE
-
Published
5/17/2022
Updated
10/21/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
saltpip< 2014.7.42014.7.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the install_agent function's original implementation which:

  1. Used hardcoded '/tmp' work directory (world-writable)
  2. Downloaded agent-install.sh to predictable path /tmp/install.sh
  3. Executed scripts directly from /tmp without secure tempfile practices

The fix in commit e11298d shows migration to cachedir + tempfile.NamedTemporaryFile with delete=False, confirming the original function's insecure temp file handling was the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`mo*ul*s/s*rv*r**nsity_**vi**.py` in S*ltSt**k ***or* ****.*.* *o*s not prop*rly **n*l* *il*s in `/tmp`.

Reasoning

T** vuln*r**ility st*ms *rom t** inst*ll_***nt *un*tion's ori*in*l impl*m*nt*tion w*i**: *. Us** **r**o*** '/tmp' work *ir**tory (worl*-writ**l*) *. *ownlo**** ***nt-inst*ll.s* to pr**i*t**l* p*t* /tmp/inst*ll.s* *. *x**ut** s*ripts *ir**tly *rom /tm