FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3531141d-a708-477c-954a-2a0549e49ca9	salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master SaltStack reports: Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Credit for discovering the security flaw goes to: Vernhk@qq.com Discovery 2017-08-16 Entry 2017-08-22 py27-salt py32-salt py33-salt py34-salt py35-salt py36-salt < 2016.11.7 ge 2017.7.0 lt 2017.7.1 CVE-2017-12791 https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html https://docs.saltstack.com/en/latest/topics/releases/2016.11.7.html

VuXML ID

Description

3531141d-a708-477c-954a-2a0549e49ca9

salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master

SaltStack reports:

Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Credit for discovering the security flaw goes to: Vernhk@qq.com

Discovery 2017-08-16
Entry 2017-08-22
py27-salt
py32-salt
py33-salt
py34-salt
py35-salt
py36-salt

< 2016.11.7

ge 2017.7.0 lt 2017.7.1

CVE-2017-12791
https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.7.html