8.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.3%
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt’s ssh_client.
docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
github.com/advisories/GHSA-8r7r-x48r-pf8f
nvd.nist.gov/vuln/detail/CVE-2017-5200