Описание
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchRelease NotesVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchRelease NotesVendor Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Directory traversal vulnerability in minion id validation in SaltStack ...
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2