CVE-2023-20897

2023-09-0511:15:32

Google

osv.dev

cve-2023-20897

salt masters

dos

minion return

vulnerability

software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CPENameOperatorVersion
salteq3004.1+dfsg-1
salteq2014.7.0rc5
salteq2017.7.2
salteq3000.1
salteq3004+dfsg1-7
salteq2015.5.5
salteq2015.8.2
salteq2016.11.0rc1
salteq2018.3.4+dfsg1-6+deb10u1
salteq3000.1+dfsg1-1

Name	Operator	Version
salt	eq	3004.1+dfsg-1
salt	eq	2014.7.0rc5
salt	eq	2017.7.2
salt	eq	3000.1
salt	eq	3004+dfsg1-7
salt	eq	2015.5.5
salt	eq	2015.8.2
salt	eq	2016.11.0rc1
salt	eq	2018.3.4+dfsg1-6+deb10u1
salt	eq	3000.1+dfsg1-1