SaltStack Salt 3005.2/3006.2 DoS via Minion Return: CVE-2023-20897 September 2023

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Vulnerability Analysis

CVE-2023-20897 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Products Associated with CVE-2023-20897

Want to know whenever a new CVE is published for SaltStack Salt? stack.watch will email you.

Exploit Probability

EPSS

0.11%

Percentile

29.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SaltStack Salt 3005.2/3006.2 DoS via Minion ReturnCVE-2023-20897 Published on September 5, 2023

Vulnerability Analysis

Products Associated with CVE-2023-20897

Exploit Probability

SaltStack Salt 3005.2/3006.2 DoS via Minion Return
CVE-2023-20897 Published on September 5, 2023