First published: Tue Sep 26 2017
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SaltStack Salt | <=2015.8.12 | |
SaltStack Salt | =2016.3.0 | |
SaltStack Salt | =2016.3.1 | |
SaltStack Salt | =2016.3.2 | |
SaltStack Salt | =2016.3.3 | |
SaltStack Salt | =2016.3.4 | |
SaltStack Salt | =2016.11.0 | |
SaltStack Salt | =2016.11.1 | |
SaltStack Salt | =2016.11.2 | |
pip/salt | >=2016.11.0 <2016.11.2 | 2016.11.2 |
pip/salt | >=2016.3.0 <2016.3.5 | 2016.3.5 |
pip/salt | <2015.8.13 | 2015.8.13 |