Lucene search

K

GoogleOSV:GHSA-J6GJ-PG62-X8J6

HistoryMay 17, 2022 - 12:24 a.m.

SaltStack Salt Directory traversal vulnerability in minion id validation

2022-05-1700:24:32

Google

osv.dev

8

saltstack

directory traversal

vulnerability

minion id validation

authentication

remote minions

crafted minion id

incomplete fix

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

81.1%

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.

References

lists.opensuse.org/opensuse-updates/2017-10/msg00073.html

lists.opensuse.org/opensuse-updates/2017-10/msg00075.html

bugzilla.redhat.com/show_bug.cgi?id=1500748

docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

github.com/saltstack/salt

github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d

nvd.nist.gov/vuln/detail/CVE-2017-14695

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

81.1%

Related for OSV:GHSA-J6GJ-PG62-X8J6

prion2 osv6 redhatcve2 veracode2 ubuntucve2 github2 debiancve2 nvd2 cve2 cvelist2 nessus11 freebsd2 openvas3 archlinux2 photon2 ubuntu1