CVE-2017-5192 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
Group Package Affected Fixed Severity Status Ticket
AVG-159 salt 2016.11.1-1 2016.11.2-1 High Fixed
Date Advisory Group Package Severity Description
31 Jan 2017 ASA-201701-41 AVG-159 salt High multiple issues
References
https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ