EPSS
Percentile
61.7%
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt’s ssh_client.
Disable salt-api for mitigation.
bugzilla.redhat.com/show_bug.cgi?id=1418347