QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14695

Published: Oct 24, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

x_refsource_CONFIRM

openSUSE-SU-2017:2824

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2017:2822

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=1500748

x_refsource_CONFIRM

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

x_refsource_CONFIRM

https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

x_refsource_CONFIRM

https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.