Critical severity9.8NVD Advisory· Published Oct 24, 2017· Updated Jun 17, 2026
CVE-2017-14695
CVE-2017-14695
Description
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 2016.3.8 | 2016.3.8 |
saltPyPI | >= 2016.11.0, < 2016.11.8 | 2016.11.8 |
saltPyPI | >= 2017.7.0, < 2017.7.2 | 2017.7.2 |
Affected products
59cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*range: <=2016.3.7
- cpe:2.3:a:saltstack:salt:2016.11:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.7:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2017.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2017.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2017.7.1:*:*:*:*:*:*:*
- ghsa-coords44 versionspkg:pypi/saltpkg:rpm/suse/apache-mybatis&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/hadoop&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/icu4j&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/lucene&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/nekohtml&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/nutch-core&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/picocontainer&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%203pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-doc-indexes&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%203.0pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%203.1pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-branding-oss&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/tagsoup&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%203.1
< 2016.3.8+ 43 more
- (no CPE)range: < 2016.3.8
- (no CPE)range: < 3.2.3-1.3.1
- (no CPE)range: < 0.18.1-1.3.1
- (no CPE)range: < 55.1-1.3.1
- (no CPE)range: < 2.4.1-1.3.1
- (no CPE)range: < 1.9.21-1.3.1
- (no CPE)range: < 1.0.1-1.3.1
- (no CPE)range: < 1.3.7-1.3.1
- (no CPE)range: < 2016.11.10-1.16.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-43.10.2
- (no CPE)range: < 2016.11.4-43.10.2
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 2016.11.4-46.10.1
- (no CPE)range: < 1.6.2-0.2.9.1
- (no CPE)range: < 2.7.8.13-2.26.1
- (no CPE)range: < 2.7.73.15-2.26.1
- (no CPE)range: < 2.7.2.15-2.25.1
- (no CPE)range: < 2.7.0.6-2.6.1
- (no CPE)range: < 2.7.0.4-2.6.1
- (no CPE)range: < 2.7.46.17-2.35.1
- (no CPE)range: < 2.7.3.6-2.16.1
- (no CPE)range: < 2.7.10.9-2.17.1
- (no CPE)range: < 2.7.1.19-2.29.1
- (no CPE)range: < 0.21-4.6.1
- (no CPE)range: < 1.1.4-6.9.1
- (no CPE)range: < 1.1.4-6.9.1
- (no CPE)range: < 1.1.4-6.9.1
- (no CPE)range: < 1.1.4-6.9.1
- (no CPE)range: < 1.1.4-6.9.1
- (no CPE)range: < 3.1.2-3.3.1
- (no CPE)range: < 3.1.16-2.26.1
- (no CPE)range: < 3.1.20-2.33.1
- (no CPE)range: < 3.1.19-2.30.1
- (no CPE)range: < 3.1.16-2.29.1
- (no CPE)range: < 1.2.1-1.3.1
- (no CPE)range: < 1.19.1-1.3.1
Patches
Vulnerability mechanics
References
10- github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6dnvdIssue TrackingPatchThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2017-10/msg00073.htmlnvdIssue TrackingRelease NotesThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2017-10/msg00075.htmlnvdIssue TrackingRelease NotesThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingRelease NotesThird Party AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2016.11.8.htmlnvdIssue TrackingRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2016.3.8.htmlnvdIssue TrackingRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2017.7.2.htmlnvdIssue TrackingRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-j6gj-pg62-x8j6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-14695ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-36.yamlghsaWEB
News mentions
0No linked articles in our index yet.