CVE-2023-20897

Summary

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Affected Software

VendorProductVersion RangeStatus
n/aSaltSalt masters prior to 3005.2 or 3006.2affected

Weaknesses

  • DOS in minion return.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References