salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain
minions to authenticate to a master despite not having the correct
credentials. To exploit the vulnerability, an attacker must create a
salt-minion with an ID containing characters that will cause a
Credit for discovering the security flaw goes to: Vernhk@qq.com
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright