7.5

CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SaltstackSalt Version <= 2016.3.7
SaltstackSalt Version2016.11
SaltstackSalt Version2016.11.0
SaltstackSalt Version2016.11.1
SaltstackSalt Version2016.11.1 Updaterc1
SaltstackSalt Version2016.11.1 Updaterc2
SaltstackSalt Version2016.11.2
SaltstackSalt Version2016.11.3
SaltstackSalt Version2016.11.4
SaltstackSalt Version2016.11.5
SaltstackSalt Version2016.11.6
SaltstackSalt Version2016.11.7
SaltstackSalt Version2017.7.0
SaltstackSalt Version2017.7.0 Updaterc1
SaltstackSalt Version2017.7.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.98% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Third Party Advisory
Release Notes
Issue Tracking
http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
Third Party Advisory
Release Notes
Issue Tracking
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Vendor Advisory
Release Notes
Issue Tracking
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
Vendor Advisory
Release Notes
Issue Tracking
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Vendor Advisory
Release Notes
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1500742
Third Party Advisory
Release Notes
Issue Tracking