Vulnerability Name:

CVE-2017-14695

Assigned:2017-09-22
Published:2017-10-24
Updated:2017-11-14
Summary:Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVSS v3 Severity:9.8 Critical (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-22
References:Source: SUSE
Type: VENDOR_ADVISORY
openSUSE-SU-2017:2822

Source: SUSE
Type: VENDOR_ADVISORY
openSUSE-SU-2017:2824

Source: CONFIRM
Type: VENDOR_ADVISORY
https://bugzilla.redhat.com/show_bug.cgi?id=1500748

Source: CONFIRM
Type: VENDOR_ADVISORY
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

Source: CONFIRM
Type: VENDOR_ADVISORY
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

Source: CONFIRM
Type: VENDOR_ADVISORY
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

Source: XF
Type: UNKNOWN
saltstack-cve201714695-dir-traversal(134078)

Source: CONFIRM
Type: VENDOR_ADVISORY
https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d

Vulnerable Configuration:Configuration 1:
  • cpe:/a:saltstack:salt:2016.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2016.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2017.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2017.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:saltstack:salt:2017.7.1:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:201714695
    V
    CVE-2017-14695
    2017-11-24
    oval:com.ubuntu.xenial:def:201714695000
    V
    CVE-2017-14695 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-10-24
    oval:com.ubuntu.trusty:def:201714695000
    V
    CVE-2017-14695 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-10-24
    BACK
    saltstack salt 2016.3.7
    saltstack salt 2016.11
    saltstack salt 2016.11.0
    saltstack salt 2016.11.1
    saltstack salt 2016.11.1 rc1
    saltstack salt 2016.11.1 rc2
    saltstack salt 2016.11.2
    saltstack salt 2016.11.3
    saltstack salt 2016.11.4
    saltstack salt 2016.11.5
    saltstack salt 2016.11.6
    saltstack salt 2016.11.7
    saltstack salt 2017.7.0
    saltstack salt 2017.7.0 rc1
    saltstack salt 2017.7.1