EPSS
Percentile
77.3%
salt is vulnerable to directory traversal attacks. The attack is possible because minion ids are not properly checked, allowing a malicious user to pass a minion id containing escape characters to traverse the filesystem.
docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
github.com/saltstack/salt/pull/42944
security-tracker.debian.org/tracker/CVE-2017-12791