Critical severity9.8NVD Advisory· Published Aug 23, 2017· Updated Jun 17, 2026
CVE-2017-12791
CVE-2017-12791
Description
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 2016.11.7 | 2016.11.7 |
saltPyPI | >= 2017.7.0, < 2017.7.1 | 2017.7.1 |
Affected products
14- osv-coords11 versionspkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%203pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.1
< 2016.11.4-46.7.1+ 10 more
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-43.7.1
- (no CPE)range: < 2016.11.4-43.7.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-4.3.1
- (no CPE)range: < 2016.11.4-46.7.1
- (no CPE)range: < 2016.11.4-4.3.1
Patches
Vulnerability mechanics
References
10- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.htmlnvdPatchRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2017.7.1.htmlnvdPatchRelease NotesVendor AdvisoryWEB
- github.com/saltstack/salt/pull/42944nvdIssue TrackingPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/100384nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-xxvj-8g5m-4qgwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12791ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-151.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-35.yamlghsaWEB
News mentions
0No linked articles in our index yet.