AVG-159

Package salt
Status Fixed
Severity High
Type multiple issues
Affected 2016.11.1-1
Fixed 2016.11.2-1
Current 3004.1-2 [community]
Ticket None
Created Tue Jan 31 21:43:45 2017
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-5200 | High | Yes | Arbitrary command execution | Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt... |
| CVE-2017-5192 | High | No | Arbitrary code execution | The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 31 Jan 2017 | ASA-201701-41 | salt | multiple issues |