vulnerability
FreeBSD: VID-3531141D-A708-477C-954A-2A0549E49CA9 (CVE-2017-12791): salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 16, 2017 | Aug 23, 2017 | May 3, 2019 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 16, 2017
Added
Aug 23, 2017
Modified
May 3, 2019
Description
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Solution(s)
freebsd-upgrade-package-py27-saltfreebsd-upgrade-package-py32-saltfreebsd-upgrade-package-py33-saltfreebsd-upgrade-package-py34-saltfreebsd-upgrade-package-py35-saltfreebsd-upgrade-package-py36-salt
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.