Saltstack: >> Salt >> 2015.5.11 Security Vulnerabilities
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-08-23
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-07
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-01-30
Page 4