Download
| Alert*
oval:org.secpod.oval:def:1800853
A flaw in minion id validation was found which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Fixed In Vers ... oval:org.secpod.oval:def:1800105 A flaw in minion id validation was found which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Fixed In Vers ... oval:org.secpod.oval:def:89044943 This update for salt fixes one security issue and bugs. The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID . Additionally, the f ... oval:org.secpod.oval:def:1900221 Directory traversal vulnerability in minion id validation in salt-common Stack salt-common before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. |