logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2017-12791 salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <2016.11.7 || >=2017.7.0 <2017.7.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01383 pctl0.79575

Details

SaltStack Salt Directory traversal vulnerability in minion id validation Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

Metadata

Created: 2022-05-17T01:22:50Z
Modified: 2024-10-21T21:12:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xxvj-8g5m-4qgw/GHSA-xxvj-8g5m-4qgw.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-xxvj-8g5m-4qgw
Finding: F063
Auto approve: 1