Lucene search
Veracode Vulnerability DatabaseVERACODE:3684HistoryMar 20, 2017 - 1:44 a.m.
Remote Code Execution (RCE)
2017-03-2001:44:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
EPSS
0.002
Percentile
58.7%
Salt is vulnerable to remote code execution (RCE). The local_batch client external authentication does not accept external_auth credentials. This allows code execution for already-authenticated users and is only in effect when running salt-api as the root user.
Related
redhatcve
redhatcve
CVE-2017-5192
2017-02-10 08:18:19
cvelist
cvelist
CVE-2017-5192
2017-09-26 14:00:00
osv
osv
PYSEC-2017-38
2017-09-26 14:29:00
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
2022-05-17 00:34:42
CVE-2017-5192
2017-09-26 14:29:00
github
github
ubuntucve
ubuntucve
CVE-2017-5192
2017-09-26 00:00:00
cve
cve
CVE-2017-5192
2017-09-26 14:29:00
prion
prion
Authentication flaw
2017-09-26 14:29:00
debiancve
debiancve
CVE-2017-5192
2017-09-26 14:29:00
alpinelinux
alpinelinux
CVE-2017-5192
2017-09-26 14:29:00
nvd
nvd
CVE-2017-5192
2017-09-26 14:29:00
archlinux
archlinux
[ASA-201701-41] salt: multiple issues
2017-01-31 00:00:00
nessus
nessus
Photon OS 1.0: Salt PHSA-2018-1.0-0106
2019-02-07 00:00:00
Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)
2018-08-17 00:00:00
photon
photon