EPSS
Percentile
61.7%
Salt is vulnerable to remote code execution (RCE). Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems are enabled.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5200
docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
docs.saltstack.com/en/latest/topics/releases/2016.11.2.html