CVE-2017-12791

Published: 23/08/2017 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

Vulnerable Product

saltstack salt 2017.7.0

saltstack salt

Vendor Advisories

Debian Bug report logs - #872399 salt: CVE-2017-12791: Directory traversal vulnerability on salt-master via crafted minion IDs Package: src:salt; Maintainer for src:salt is Debian Salt Team <pkg-salt-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 17 Aug 2017 03:54:02 UT ...
Debian Bug report logs - #879090 salt: CVE-2017-14696: Remote DoS via crafted authentication request Package: src:salt; Maintainer for src:salt is Debian Salt Team <pkg-salt-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 19 Oct 2017 08:06:01 UTC Severity: important Tags ...
Debian Bug report logs - #879089 salt: CVE-2017-14695: Directory traversal in minion id validation Package: src:salt; Maintainer for src:salt is Debian Salt Team <pkg-salt-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 19 Oct 2017 08:03:01 UTC Severity: important Tags: ...
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID ...
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id validation, which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID co ...