Lucene search
GoogleOSV:GHSA-H8XP-H3JF-WV4VHistoryMay 24, 2022 - 4:50 p.m.
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
2022-05-2416:50:39
Google
osv.dev
3
saltstack
sql injection
mysql
privilege escalation
rce
cloud provider
fixed version
SaltStack Salt 2018.3 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L1462). The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
Related
cve
cve
CVE-2019-1010259
2019-07-18 17:15:11
CVE-2019-1000033
2019-07-26 21:15:11
github
github
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
2022-05-24 16:50:39
prion
prion
Sql injection
2019-07-18 17:15:00
cvelist
cvelist
CVE-2019-1010259
2019-07-18 16:33:35
veracode
veracode
SQL Injection
2019-07-19 03:16:26
nvd
nvd
CVE-2019-1010259
2019-07-18 17:15:11
CVE-2019-1000033
2019-07-26 21:15:11
debiancve
debiancve
CVE-2019-1010259
2019-07-18 17:15:11
ubuntucve
ubuntucve
CVE-2019-1010259
2019-07-18 00:00:00
osv
osv
PYSEC-2019-119
2019-07-18 17:15:00