Vulnerability CVE-2023-20897: Information

Description

Salt masters prior to 3005.2 or 3006.2 contain a denial-of-service (DoS) vulnerability in minion return handling. After the request server receives a number of bad packets equal to the number of worker threads, the master becomes unresponsive to return requests until it is restarted.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Published: Sept. 5, 2023
Modified: Sept. 14, 2023
Error type identifier: CWE-404

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
      Start including: 3006.0
      End excluding: 3006.2

      cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
      End excluding: 3005.2