Saltstack · Saltstack Salt · CVE-2017-12791
**Name of the Vulnerable Software and Affected Versions**
SaltStack Salt versions prior to 2016.11.7
SaltStack Salt versions 2017.7.x prior to 2017.7.1
**Description**
A directory traversal vulnerability exists in the minion id validation of SaltStack Salt. This issue allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
**Recommendations**
For SaltStack Salt versions prior to 2016.11.7, update to version 2016.11.7 or later.
For SaltStack Salt versions 2017.7.x prior to 2017.7.1, update to version 2017.7.1 or later.