{"id":"CVE-2017-14695","details":"Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.","aliases":["GHSA-j6gj-pg62-x8j6","PYSEC-2017-36"],"modified":"2026-04-10T03:57:15.533295Z","published":"2017-10-24T17:29:00.323Z","related":["SUSE-SU-2017:3380-1","SUSE-SU-2017:3381-1","SUSE-SU-2018:1757-1","SUSE-SU-2018:3811-1","openSUSE-SU-2024:11364-1"],"references":[{"type":"REPORT","url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"},{"type":"REPORT","url":"https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"},{"type":"REPORT","url":"https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500748"},{"type":"FIX","url":"https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saltstack/salt","events":[{"introduced":"0"},{"last_affected":"11d176ff1b3c72a529a641c780de6bf70b792253"},{"introduced":"0"},{"last_affected":"f76dc0f9c06dd0690447a31544b7bd1fe7f5765a"},{"introduced":"0"},{"last_affected":"f44724cca5147595557cba04ff215ee31c35fe73"},{"introduced":"0"},{"last_affected":"f7294dc85bdd975022f53cfb241877059208f82b"},{"introduced":"0"},{"last_affected":"ec59ae67c82e2bc63e16b05d95492a0756257207"},{"introduced":"0"},{"last_affected":"40f72db53e2b22e7ef88e1e150caedfdf10772f1"},{"introduced":"0"},{"last_affected":"e5cd6086a75818885f2bd5bee3d7da3b2c07b110"},{"introduced":"0"},{"last_affected":"a10f0146a42338e04a4e2d8066f1ee99571c9fbd"},{"introduced":"0"},{"last_affected":"afc61ffe63770a731154f1380a91d566248a8fae"},{"introduced":"0"},{"last_affected":"d15dce349611a970fff8d3ffb462ef95ce7b2360"},{"introduced":"0"},{"last_affected":"81695a9f3c9bfa9224a4b58426e872e823112926"},{"introduced":"0"},{"last_affected":"965583fa55f0c34c0f17c6a16584f44b97942e0b"},{"introduced":"0"},{"last_affected":"0931281ebd1ca794b27bf7dc4e918efd3a05c612"},{"fixed":"80d90307b07b3703428ecbb7c8bb468e28a9ae6d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2016.3.7"},{"introduced":"0"},{"last_affected":"2016.11"},{"introduced":"0"},{"last_affected":"2016.11.0"},{"introduced":"0"},{"last_affected":"2016.11.1"},{"introduced":"0"},{"last_affected":"2016.11.2"},{"introduced":"0"},{"last_affected":"2016.11.3"},{"introduced":"0"},{"last_affected":"2016.11.4"},{"introduced":"0"},{"last_affected":"2016.11.5"},{"introduced":"0"},{"last_affected":"2016.11.6"},{"introduced":"0"},{"last_affected":"2016.11.7"},{"introduced":"0"},{"last_affected":"2017.7.0"},{"introduced":"0"},{"last_affected":"2017.7.0-rc1"},{"introduced":"0"},{"last_affected":"2017.7.1"}]}}],"versions":["v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16","v0.17","v0.6.0","v0.7.0","v0.8.0","v0.8.7","v0.8.9","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v0.9.9","v2014.1","v2014.7","v2015.2","v2015.5","v2015.8","v2016.11","v2016.11.0","v2016.11.0rc1","v2016.11.0rc2","v2016.11.1","v2016.11.2","v2016.11.3","v2016.11.4","v2016.11.5","v2016.11.6","v2016.11.7","v2016.3","v2016.3.0","v2016.3.0rc0","v2016.3.0rc1","v2016.3.0rc2","v2016.3.0rc3","v2016.3.1","v2016.3.2","v2016.3.3","v2016.3.4","v2016.3.5","v2016.3.6","v2016.3.7","v2016.9","v2017.5","v2017.7","v2017.7.0","v2017.7.0rc1","v2017.7.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14695.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2016.11.1-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"2016.11.1-rc2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}