CVE-2017-5192 - log back

CVE-2017-5192 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
References
+ https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ
Notes