Saltstack: >> Salt >> 2015.8.8.2 Security Vulnerabilities
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-08-23
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-07
Page 4