Salt@2016.3.3 Security Vulnerabilities and Issues — Salt@2016.3.3 CVE List

Lucene search

SaltstackSalt2016.3.3

2 matches found

CVE•added 2017/09/26 2:29 p.m.•82 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

9CVSS8.6AI score0.01262EPSS

CVE•added 2017/09/26 2:29 p.m.•78 views

CVE-2017-5192

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

8.8CVSS8.5AI score0.00149EPSS