CVE-2017-12791

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12791

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12791.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12791

Aliases

Related

Published

2017-08-23T14:29:00Z

Modified

2024-05-09T06:29:44.965706Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

81695a9f3c9bfa9224a4b58426e872e823112926

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v2014.*

v2014.1

v2014.7

v2014.7.0

v2014.7.0rc1

v2014.7.0rc2

v2014.7.0rc3

v2014.7.0rc4

v2014.7.0rc5

v2014.7.0rc6

v2014.7.0rc7

v2014.7.1

v2014.7.2

v2014.7.3

v2014.7.4

v2014.7.5

v2014.7.6

v2014.7.7

v2014.7.8

v2014.7.9

v2015.*

v2015.2

v2015.2.0rc1

v2015.2.0rc2

v2015.5

v2015.5.0

v2015.5.1

v2015.5.11

v2015.5.2

v2015.5.3

v2015.5.4

v2015.5.5

v2015.5.6

v2015.5.7

v2015.5.8

v2015.5.9

v2015.8

v2015.8.0

v2015.8.0rc1

v2015.8.0rc2

v2015.8.0rc3

v2015.8.0rc4

v2015.8.0rc5

v2015.8.1

v2015.8.11

v2015.8.12

v2015.8.13

v2015.8.2

v2015.8.3

v2015.8.4

v2015.8.8

v2015.8.9

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.11.4

v2016.11.5

v2016.11.6

v2016.3

v2016.3.0

v2016.3.0rc0

v2016.3.0rc1

v2016.3.0rc2

v2016.3.0rc3

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.3.6

v2016.9

v2017.*

v2017.5

v2017.7

v2017.7.0

v2017.7.0rc1