cpe:/a:saltstack:salt:2016.3.7 cpe:/a:saltstack:salt:2016.11 cpe:/a:saltstack:salt:2016.11.0 cpe:/a:saltstack:salt:2016.11.1 cpe:/a:saltstack:salt:2016.11.1:rc1 cpe:/a:saltstack:salt:2016.11.1:rc2 cpe:/a:saltstack:salt:2016.11.2 cpe:/a:saltstack:salt:2016.11.3 cpe:/a:saltstack:salt:2016.11.4 cpe:/a:saltstack:salt:2016.11.5 cpe:/a:saltstack:salt:2016.11.6 cpe:/a:saltstack:salt:2016.11.7 cpe:/a:saltstack:salt:2017.7.0 cpe:/a:saltstack:salt:2017.7.0:rc1 cpe:/a:saltstack:salt:2017.7.1 CVE-2017-14695 2017-10-24T13:29:00.323-04:00 2017-11-14T16:49:19.657-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-11-14T16:15:48.693-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1500748 CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html CONFIRM https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d SUSE openSUSE-SU-2017:2822 SUSE openSUSE-SU-2017:2824 Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.