CVE-2023-20897

MEDIUM

SaltStack Salt < 3005.2 - Denial of Service via Minion Return Request Handling

Title source: llm

Description

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

References (2)

Core 2

Core References

Vendor Advisory

https://saltproject.io/security-announcements/2023-08-10-advisory/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/

Scores

CVSS v3 5.3

EPSS 0.0103

EPSS Percentile 59.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (2)

pypi/salt 0 - 3005.2PyPI

saltstack/salt < 3005.2

Published Sep 05, 2023

Tracked Since Feb 18, 2026