CVE-2017-12791

9.8 CRITICAL
Published: August 23, 2017 Modified: May 13, 2026
View on NVD

Description

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/100384
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1482006
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
Source: cve@mitre.org
Patch Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
Source: cve@mitre.org
Patch Release Notes Vendor Advisory
https://github.com/saltstack/salt/pull/42944
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
http://www.securityfocus.com/bid/100384
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1482006
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Release Notes Vendor Advisory
https://github.com/saltstack/salt/pull/42944
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory

12 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
4.6%
91th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

saltstack

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1