{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-38824","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2024-06-19T22:32:06.583Z","datePublished":"2025-06-13T07:10:31.166Z","dateUpdated":"2026-02-26T17:50:37.930Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"Salt","product":"SALT","vendor":"VMware","versions":[{"lessThan":"3006.12","status":"affected","version":"3006.x","versionType":"lts"},{"lessThan":"3007.4","status":"affected","version":"3007.x","versionType":"sts"}]}],"datePublic":"2025-06-12T07:33:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.<br></p>"}],"value":"Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2025-06-13T07:10:31.166Z"},"references":[{"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"}],"source":{"discovery":"UNKNOWN"},"title":"CVE-2024-38824 salt advisory","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-38824","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-14T03:56:04.670703Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:37.930Z"}}]}}