VDB

PYSEC-2017-36

PYSEC-2017-36 PUBLISHED CVSS 8.699999809265137 HIGH

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
PyPIsalt0, 2016.11, 2017.7

Timeline

  • Oct 24, 2017 CVE Published
  • Apr 22, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›