CVE-2023-20897
Salt vulnerable to denial of service
Severity: MEDIUM (CVSS 3.1 base score 5.3)
EPSS: 0.18%
Description
Salt masters prior to 3005.2 or 3006.2 contain a DoS in minion return handling. After the request server receives a number of bad packets equal to the number of worker threads, the master becomes unresponsive to return requests until it is restarted.
How to fix CVE-2023-20897
To remediate CVE-2023-20897, upgrade the affected package to a fixed version listed below.
- PyPI/salt, versions < 3005.2: upgrade to 3005.2 or later
- PyPI/salt, versions >= 3006.0 and < 3006.2: upgrade to 3006.2 or later
Is CVE-2023-20897 being exploited?
Low: EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- PyPI/salt: >= 0, < 3005.2
- PyPI/salt: >= 3006.0, < 3006.2
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |