PYSEC-2016-23

2016-04-12T14:59:00
ID OSV:PYSEC-2016-23
Type osv
Reporter Google
Modified 2021-07-25T23:34:53

Description

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.