CVE-2017-14696

Published: Oct 24, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

Affected (15)

Products: Saltstack: Salt

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Saltstack Salt	Up to 2016.3.7
Saltstack Salt	Version 2016.11.0
Saltstack Salt	Version 2016.11.1
Saltstack Salt	Version 2016.11.1 rc1
Saltstack Salt	Version 2016.11.1 rc2
Saltstack Salt	Version 2016.11.2
Saltstack Salt	Version 2016.11.3
Saltstack Salt	Version 2016.11.4
Saltstack Salt	Version 2016.11.5
Saltstack Salt	Version 2016.11.6
Saltstack Salt	Version 2016.11.7
Saltstack Salt	Version 2016.11
Saltstack Salt	Version 2017.7.0
Saltstack Salt	Version 2017.7.0 rc1
Saltstack Salt	Version 2017.7.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html

Source: cve@mitre.org

Issue TrackingRelease NotesThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html

Source: cve@mitre.org

Issue TrackingRelease NotesThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1500742

Source: cve@mitre.org

Issue TrackingRelease NotesThird Party Advisory

https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

Source: cve@mitre.org

Issue TrackingRelease NotesVendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

Source: cve@mitre.org

Issue TrackingRelease NotesVendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

Source: cve@mitre.org

Issue TrackingRelease NotesVendor Advisory

https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1500742

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesVendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesVendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesVendor Advisory

https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.