ID: CVE-2017-7893
Summary: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
References
Vulnerable Configurations
  • SaltStack Salt 0.6.0
    cpe:2.3:a:saltstack:salt:0.6.0
  • SaltStack Salt 0.7.0
    cpe:2.3:a:saltstack:salt:0.7.0
  • SaltStack Salt 0.8.0
    cpe:2.3:a:saltstack:salt:0.8.0
  • SaltStack Salt 0.8.7
    cpe:2.3:a:saltstack:salt:0.8.7
  • SaltStack Salt 0.8.8
    cpe:2.3:a:saltstack:salt:0.8.8
  • SaltStack Salt 0.8.9
    cpe:2.3:a:saltstack:salt:0.8.9
  • SaltStack Salt 0.9.0
    cpe:2.3:a:saltstack:salt:0.9.0
  • SaltStack Salt 0.9.2
    cpe:2.3:a:saltstack:salt:0.9.2
  • SaltStack Salt 0.9.3
    cpe:2.3:a:saltstack:salt:0.9.3
  • SaltStack Salt 0.9.4
    cpe:2.3:a:saltstack:salt:0.9.4
  • SaltStack Salt 0.9.5
    cpe:2.3:a:saltstack:salt:0.9.5
  • SaltStack Salt 0.9.6
    cpe:2.3:a:saltstack:salt:0.9.6
  • SaltStack Salt 0.9.7
    cpe:2.3:a:saltstack:salt:0.9.7
  • SaltStack Salt 0.9.8
    cpe:2.3:a:saltstack:salt:0.9.8
  • SaltStack Salt 0.9.9
    cpe:2.3:a:saltstack:salt:0.9.9
  • SaltStack Salt 0.10.0
    cpe:2.3:a:saltstack:salt:0.10.0
  • SaltStack Salt 0.10.2
    cpe:2.3:a:saltstack:salt:0.10.2
  • SaltStack Salt 0.10.3
    cpe:2.3:a:saltstack:salt:0.10.3
  • SaltStack Salt 0.10.4
    cpe:2.3:a:saltstack:salt:0.10.4
  • SaltStack Salt 0.10.5
    cpe:2.3:a:saltstack:salt:0.10.5
  • SaltStack Salt 0.11.0
    cpe:2.3:a:saltstack:salt:0.11.0
  • SaltStack Salt 0.12.0
    cpe:2.3:a:saltstack:salt:0.12.0
  • SaltStack Salt 0.13.0
    cpe:2.3:a:saltstack:salt:0.13.0
  • SaltStack Salt 0.14.0
    cpe:2.3:a:saltstack:salt:0.14.0
  • SaltStack Salt 0.15.0
    cpe:2.3:a:saltstack:salt:0.15.0
  • SaltStack Salt 0.15.1
    cpe:2.3:a:saltstack:salt:0.15.1
  • SaltStack Salt 0.16.0
    cpe:2.3:a:saltstack:salt:0.16.0
  • SaltStack Salt 0.16.2
    cpe:2.3:a:saltstack:salt:0.16.2
  • SaltStack Salt 0.16.3
    cpe:2.3:a:saltstack:salt:0.16.3
  • SaltStack Salt 0.16.4
    cpe:2.3:a:saltstack:salt:0.16.4
  • SaltStack Salt 0.17.0
    cpe:2.3:a:saltstack:salt:0.17.0
  • SaltStack Salt 0.17.1
    cpe:2.3:a:saltstack:salt:0.17.1
  • SaltStack Salt 2014.1.9
    cpe:2.3:a:saltstack:salt:2014.1.9
CVSS
Base: 7.5
Impact:
Exploitability:
CWE: CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
refmap via4
confirm https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
Last major update: 23-04-2018 - 18:29
Published: 23-04-2018 - 18:29
Last modified: 29-05-2018 - 10:16