Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kapu-yvhn-ybhw
Vulnerability ID VCID-kapu-yvhn-ybhw
Aliases CVE-2017-14695
GHSA-j6gj-pg62-x8j6
PYSEC-2017-36
Summary Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
https://bugzilla.redhat.com/show_bug.cgi?id=1500748
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-36.yaml
https://github.com/saltstack/salt
https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
CVE-2017-14695 https://nvd.nist.gov/vuln/detail/CVE-2017-14695
GHSA-j6gj-pg62-x8j6 https://github.com/advisories/GHSA-j6gj-pg62-x8j6
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:04:51.396759+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-36.yaml 38.6.0