salt -- multiple vulnerabilities

2018-10-24T00:00:00
ID 4F7C6AF3-6A2C-4EAD-8453-04E509688D45
Type freebsd
Reporter FreeBSD
Modified 2018-10-24T00:00:00

Description

SaltStack reports:

Remote command execution and incorrect access control when using salt-api. Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.