Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
SaltStack Salt Directory traversal vulnerability in minion id validation
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Permalink: https://github.com/advisories/GHSA-xxvj-8g5m-4qgw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 month ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-xxvj-8g5m-4qgw, CVE-2017-12791
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12791
- https://github.com/saltstack/salt/pull/42944
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
- https://bugzilla.redhat.com/show_bug.cgi?id=1482006
- https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-35.yaml
- https://github.com/advisories/GHSA-xxvj-8g5m-4qgw
Blast Radius: 25.8
Affected Packages
pypi:salt
Dependent packages: 34
Dependent repositories: 428
Downloads: 48,621 last month
Affected Version Ranges: >= 2017.7.0, < 2017.7.1, < 2016.11.7
Fixed in: 2017.7.1, 2016.11.7
All affected versions: 0.8.7, 0.8.9, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.90, 0.16.0, 0.16.1, 0.16.2, 0.16.3, 0.16.4, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 2014.1.0, 2014.1.1, 2014.1.2, 2014.1.3, 2014.1.4, 2014.1.5, 2014.1.6, 2014.1.7, 2014.1.8, 2014.1.9, 2014.1.10, 2014.1.11, 2014.1.12, 2014.1.13, 2014.7.0, 2014.7.1, 2014.7.2, 2014.7.3, 2014.7.4, 2014.7.5, 2014.7.6, 2014.7.7, 2015.5.0, 2015.5.1, 2015.5.2, 2015.5.3, 2015.5.4, 2015.5.5, 2015.5.6, 2015.5.7, 2015.5.8, 2015.5.9, 2015.5.10, 2015.5.11, 2015.8.0, 2015.8.1, 2015.8.2, 2015.8.3, 2015.8.4, 2015.8.5, 2015.8.7, 2015.8.8, 2015.8.9, 2015.8.10, 2015.8.11, 2015.8.12, 2015.8.13, 2016.3.0, 2016.3.1, 2016.3.2, 2016.3.3, 2016.3.4, 2016.3.5, 2016.3.6, 2016.3.7, 2016.3.8, 2016.11.0, 2016.11.1, 2016.11.2, 2016.11.3, 2016.11.4, 2016.11.5, 2016.11.6, 2017.7.0
All unaffected versions: 2016.11.7, 2016.11.8, 2016.11.9, 2016.11.10, 2017.7.1, 2017.7.2, 2017.7.3, 2017.7.4, 2017.7.5, 2017.7.6, 2017.7.7, 2017.7.8, 2018.3.0, 2018.3.1, 2018.3.2, 2018.3.3, 2018.3.4, 2018.3.5, 2019.2.0, 2019.2.1, 2019.2.2, 2019.2.3, 2019.2.4, 2019.2.5, 2019.2.6, 2019.2.7, 2019.2.8