{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T10:38:34.390","vulnerabilities":[{"cve":{"id":"CVE-2017-14695","sourceIdentifier":"cve@mitre.org","published":"2017-10-24T17:29:00.323","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en la validaciĆ³n minion id en SaltStack Salt en versiones anteriores a la 2016.3.8, en versiones 2016.11.x anteriores a la 2016.11.8 y versiones 2017.7.x anteriores a la 2017.7.2 permite que minions remotos con credenciales incorrectas se autentiquen en un master mediante un ID minion manipulado. NOTA: Esta vulnerabilidad existe debido a una soluciĆ³n incompleta para CVE-2017-12791."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.3.7","matchCriteriaId":"CC5250DF-593F-42C2-A64F-47CE0E65070F"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11:*:*:*:*:*:*:*","matchCriteriaId":"689B37E8-7274-4B5A-9419-538A9AB7B99F"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*","matchCriteriaId":"F5B7EDF4-414F-429A-BD20-0B967737598C"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*","matchCriteriaId":"594339CF-8192-425D-9C8C-AA51342D9477"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.1:rc1:*:*:*:*:*:*","matchCriteriaId":"80E02A57-EA6E-4729-8E4E-4F444DA0A88E"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.1:rc2:*:*:*:*:*:*","matchCriteriaId":"6110046D-0532-41DB-9DF0-BB1BD1447D6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*","matchCriteriaId":"E54FADCE-5311-4C8A-9527-1623F9AAC69E"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.3:*:*:*:*:*:*:*","matchCriteriaId":"4E904BB7-706A-43E0-96CE-2A9E671E4FB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.4:*:*:*:*:*:*:*","matchCriteriaId":"0338B627-4E56-4B47-87BA-CE9446CB6345"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.5:*:*:*:*:*:*:*","matchCriteriaId":"FB77EB21-90F0-4E5F-8C2F-2973460A1E05"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.6:*:*:*:*:*:*:*","matchCriteriaId":"536FF3D1-C16D-4F40-8E80-D5956FC6693F"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2016.11.7:*:*:*:*:*:*:*","matchCriteriaId":"CED0077F-8C9D-4043-B15E-61547A0EE58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2017.7.0:*:*:*:*:*:*:*","matchCriteriaId":"8F54D0CC-68F0-44E0-B565-BB9EFFE56817"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2017.7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"97BDE3E9-E1C7-4D8D-B886-A3CE617BF12E"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2017.7.1:*:*:*:*:*:*:*","matchCriteriaId":"87ABC6C6-5E17-4732-B24C-032767D6EBC1"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500748","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html","source":"cve@mitre.org","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500748","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Vendor Advisory"]},{"url":"https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}}]}