[3.6] salt: Directory traversal vulnerability on salt-master via crafted minion IDs (CVE-2017-12791)ID: oval:org.secpod.oval:def:1800105 | Date: (C)2018-03-28 (M)2021-11-09 |
Class: PATCH | Family: unix |
A flaw in minion id validation was found which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Fixed In Version: salt 2016.3.7, salt 2016.11.7, salt 2017.7.1
Platform: |
Alpine Linux 3.6 |