CVE-2023-20897: Salt vulnerable to denial of service
Salt masters prior to 3005.2 or 3006.2 contain a denial-of-service (DoS) vulnerability in the handling of minion returns. Once the request server has received a number of bad packets equal to the number of worker threads, the master becomes unresponsive to return requests until it is restarted.
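A version check for the affected range stated above, as an added example that is not part of the advisory or of Salt itself. The host names and version strings are constructed, and the handling of release candidates and of branches newer than 3006 is an assumption.

```python
import re

# Fixed releases named in the advisory, keyed by release branch (first version component).
FIXED = {3005: (3005, 2), 3006: (3006, 2)}
_VERSION = re.compile(r"(\d+(?:\.\d+)*)(rc\d+)?")

def parse_salt_version(text):
    """Return (numeric_tuple, is_release_candidate) for the first version in text."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no Salt version found in {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def is_affected(version_text):
    """True if the version is prior to 3005.2 (3005 branch and older) or 3006.2."""
    version, is_rc = parse_salt_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branch not named in the advisory: older than 3005 is "prior to 3005.2",
        # newer than 3006 is treated as already containing the fix (assumption).
        return version < min(FIXED.values())
    # Assumption: a release candidate of a fixed version is treated as unpatched.
    return version < fixed or (is_rc and version == fixed)

def affected_masters(inventory):
    """Return the sorted names of masters whose reported version is affected."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))

# Constructed sample inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "master-a": "3005.1",
    "master-b": "salt 3006.1",
    "master-c": "3006.2",
    "master-d": "3004.2",
    "master-e": "3007.0",
    "master-f": "3006.0rc3",
}

if __name__ == "__main__":
    for host in affected_masters(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 3005.2 / 3006.2 or later")
```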
References
- github.com/advisories/GHSA-vpjg-wmf8-29h9
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
- github.com/saltstack/salt
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
- nvd.nist.gov/vuln/detail/CVE-2023-20897
- saltproject.io/security-announcements/2023-08-10-advisory