Lucene search
Redhat.comRH:CVE-2017-5192HistoryFeb 10, 2017 - 8:18 a.m.
CVE-2017-5192
2017-02-1008:18:19
redhat.com
access.redhat.com
11
EPSS
0.002
Percentile
58.7%
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Mitigation
Disable salt-api for mitigation.
Related
cvelist
cvelist
CVE-2017-5192
2017-09-26 14:00:00
ubuntucve
ubuntucve
CVE-2017-5192
2017-09-26 00:00:00
cve
cve
CVE-2017-5192
2017-09-26 14:29:00
veracode
veracode
Remote Code Execution (RCE)
2017-03-20 01:44:54
osv
osv
PYSEC-2017-38
2017-09-26 14:29:00
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
2022-05-17 00:34:42
CVE-2017-5192
2017-09-26 14:29:00
github
github
prion
prion
Authentication flaw
2017-09-26 14:29:00
debiancve
debiancve
CVE-2017-5192
2017-09-26 14:29:00
alpinelinux
alpinelinux
CVE-2017-5192
2017-09-26 14:29:00
nvd
nvd
CVE-2017-5192
2017-09-26 14:29:00
archlinux
archlinux
[ASA-201701-41] salt: multiple issues
2017-01-31 00:00:00
nessus
nessus
Photon OS 1.0: Salt PHSA-2018-1.0-0106
2019-02-07 00:00:00
Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)
2018-08-17 00:00:00
photon
photon