Vulnerability Description
Salt masters prior to 3005.2 or 3006.2 contain a denial of service (DoS) in minion return. After the request server receives a number of bad packets equal to the number of worker threads, the master becomes unresponsive to return requests until it is restarted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saltstack | Salt | < 3005.2 |
References
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://saltproject.io/security-announcements/2023-08-10-advisory/ (Vendor Advisory)
FAQ
What is CVE-2023-20897?
CVE-2023-20897 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unrespons...
How severe is CVE-2023-20897?
CVE-2023-20897 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-20897?
Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.