SaltStack Salt Directory traversal vulnerability in minion id validation

🗓️ 17 May 2022 00:24:32Reported by GitHub Advisory DatabaseType

Directory traversal vulnerability in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.

Reporter	Title	Published	Views	Family All 49
ArchLinux	[ASA-201710-12] salt: multiple issues	9 Oct 201700:00	–	archlinux
CNVD	SaltStack Salt Directory Traversal Vulnerability (CNVD-2017-35509)	25 Oct 201700:00	–	cnvd
CVE	CVE-2017-14695	24 Oct 201717:00	–	cve
Cvelist	CVE-2017-14695	24 Oct 201717:00	–	cvelist
Debian CVE	CVE-2017-14695	24 Oct 201717:00	–	debiancve
EUVD	EUVD-2017-0120	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1)	27 Nov 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : salt (openSUSE-2017-1182)	23 Oct 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : salt (openSUSE-2017-1183)	23 Oct 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : salt (openSUSE-2018-388)	24 Apr 201800:00	–	nessus

Vulners

Node

saltstack saltRange2017.7.0–2017.7.2pip

saltstack saltRange2016.11.0–2016.11.8pip

saltstack saltRange<2016.3.8pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-14695
github	www.github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
docs	www.docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
docs	www.docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
docs	www.docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
lists	www.lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
lists	www.lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
github	www.github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-36.yaml
github	www.github.com/advisories/GHSA-j6gj-pg62-x8j6

21 Oct 2024 21:11Current

9.2High risk

Vulners AI Score9.2

CVSS 27.5

CVSS 39.8

EPSS0.00331