CVE-2017-14695

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14695

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14695.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14695

Aliases

Related

Published

2017-10-24T17:29:00Z

Modified

2024-08-01T07:56:07.936377Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

80d90307b07b3703428ecbb7c8bb468e28a9ae6d

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v2014.*

v2014.1

v2014.7

v2014.7.0

v2014.7.0rc1

v2014.7.0rc2

v2014.7.0rc3

v2014.7.0rc4

v2014.7.0rc5

v2014.7.0rc6

v2014.7.0rc7

v2014.7.1

v2014.7.2

v2014.7.3

v2014.7.4

v2014.7.5

v2014.7.6

v2014.7.7

v2014.7.8

v2014.7.9

v2015.*

v2015.2

v2015.2.0rc1

v2015.2.0rc2

v2015.5

v2015.5.0

v2015.5.1

v2015.5.11

v2015.5.2

v2015.5.3

v2015.5.4

v2015.5.5

v2015.5.6

v2015.5.7

v2015.5.8

v2015.5.9

v2015.8

v2015.8.0

v2015.8.0rc1

v2015.8.0rc2

v2015.8.0rc3

v2015.8.0rc4

v2015.8.0rc5

v2015.8.1

v2015.8.11

v2015.8.12

v2015.8.13

v2015.8.2

v2015.8.3

v2015.8.4

v2015.8.8

v2015.8.9

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.11.4

v2016.11.5

v2016.11.6

v2016.3

v2016.3.0

v2016.3.0rc0

v2016.3.0rc1

v2016.3.0rc2

v2016.3.0rc3

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.3.6

v2016.9

v2017.*

v2017.5

v2017.7

v2017.7.0

v2017.7.0rc1

v2017.7.1