PYSEC-2017-36
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-36.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2017-36
- Aliases
- Published
- 2017-10-24T17:29:00Z
- Modified
- 2024-04-22T23:26:17.156744Z
- Summary
- [none]
- Details
-
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
- References
-
- https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1500748
- http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
- http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Affected packages
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/saltstack/salt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2016.3.8Introduced2016.11Fixed2016.11.8Introduced2017.7Fixed2017.7.2
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5
2014.7.6
2014.7.7
2015.*
2015.2.0rc1
2015.2.0rc2
2015.5.0
2015.5.1
2015.5.2
2015.5.3
2015.5.4
2015.5.5
2015.5.6
2015.5.7
2015.5.8
2015.5.9
2015.5.10
2015.5.11
2015.8.0rc1
2015.8.0rc2
2015.8.0rc3
2015.8.0rc4
2015.8.0rc5
2015.8.0
2015.8.1
2015.8.2
2015.8.3
2015.8.4
2015.8.5
2015.8.7
2015.8.8
2015.8.8.2
2015.8.9
2015.8.10
2015.8.11
2015.8.12
2015.8.13
2016.*
2016.3.0rc2
2016.3.0rc3
2016.3.0
2016.3.1
2016.3.2
2016.3.3
2016.3.4
2016.3.5
2016.3.6
2016.3.7
2016.11.0
2016.11.1
2016.11.2
2016.11.3
2016.11.4
2016.11.5
2016.11.6
2016.11.7
2017.*
2017.7.0
2017.7.1