CVE-2017-12791

CWE-22 — Path Traversal12 documents7 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 23.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt

Timeline

PublishedAug 23

Latest updateMay 17

Description

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsaltstack/salt2016.11.6+1

▶PyPIsalt2017.7.0 — 2017.7.1+2

Patches

Patch: bugs.debian.org ↗Patch: bugzilla.redhat.com ↗Patch: docs.saltstack.com ↗

🔴Vulnerability Details

OSV

SaltStack Salt Directory traversal vulnerability in minion id validation↗2022-05-17

▶

GHSA

SaltStack Salt Directory traversal vulnerability in minion id validation↗2022-05-17

▶

GHSA

SaltStack Salt Directory traversal vulnerability in minion id validation↗2022-05-17

▶

CVEList

CVE-2017-12791: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016↗2017-08-23

▶

OSV

CVE-2017-12791: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016↗2017-08-23

▶

📋Vendor Advisories

Ubuntu

Salt vulnerabilities↗2021-03-15

▶

Red Hat

salt: Directory traversal in minion id validation↗2017-09-26

▶

Red Hat

salt: Directory traversal vulnerability on salt-master via crafted minion IDs↗2017-08-15

▶

💬Community

Bugzilla

CVE-2017-12791 salt: Directory traversal vulnerability on salt-master via crafted minion IDs↗2017-08-16

▶

Bugzilla

CVE-2017-12791 salt: Directory traversal vulnerability on salt-master via crafted minion IDs [fedora-all]↗2017-08-16

▶

Bugzilla

CVE-2017-12791 salt: Directory traversal vulnerability on salt-master via crafted minion IDs [epel-all]↗2017-08-16

▶