Ch3Ll

**Name of the Vulnerable Software and Affected Versions** SaltStack Salt versions prior to 2016.11.7 SaltStack Salt versions 2017.7.x prior to 2017.7.1 **Description** A directory traversal vulnerability exists in the minion id validation of SaltStack Salt. This issue allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. **Recommendations** For SaltStack Salt versions prior to 2016.11.7, update to version 2016.11.7 or later. For SaltStack Salt versions 2017.7.x prior to 2017.7.1, update to version 2017.7.1 or later.