CVE-2023-20897
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Salt | Salt masters prior to 3005.2 or 3006.2 | affected |
Weaknesses
- DOS in minion return.
ADP Enrichment
CVE Program Container
Additional References
- https://saltproject.io/security-announcements/2023-08-10-advisory/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://saltproject.io/security-announcements/2023-08-10-advisory/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.