CVE-2017-5192 log

Severity High
Remote No
Type Arbitrary code execution
The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
Group Package Affected Fixed Severity Status Ticket
AVG-159 salt 2016.11.1-1 2016.11.2-1 High Fixed
Date Advisory Group Package Severity Type
31 Jan 2017 ASA-201701-41 AVG-159 salt High multiple issues