CVE-2017-14695

9.8 CRITICAL
Published: October 24, 2017 Modified: May 13, 2026
View on NVD

Description

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Source: cve@mitre.org
Issue Tracking Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
Source: cve@mitre.org
Issue Tracking Release Notes Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1500748
Source: cve@mitre.org
Issue Tracking Release Notes Third Party Advisory
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Source: cve@mitre.org
Issue Tracking Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
Source: cve@mitre.org
Issue Tracking Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Source: cve@mitre.org
Issue Tracking Release Notes Vendor Advisory
https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1500748
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Third Party Advisory
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Vendor Advisory
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Release Notes Vendor Advisory
https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
2.6%
83th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

saltstack

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1