---

CVE-2017-5192 - log back

CVE-2017-5192 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
References	+ https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ
Notes