CVE-2017-12791

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
23/08/2017
Last modified:
20/04/2025

Description

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* 2016.11.6 (including)
cpe:2.3:a:saltstack:salt:2017.7.0:*:*:*:*:*:*:*