salt is vulnerable to directory traversal attacks. The attack is possible because of an incomplete fix for CVE-2017-12791
. A malicious user can include escape characters and path separators into credentials when authenticating to a master to traverse the filesystem.