CVE-2017-5200 log

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
Group Package Affected Fixed Severity Status Ticket
AVG-159 salt 2016.11.1-1 2016.11.2-1 High Fixed
Date Advisory Group Package Severity Description
31 Jan 2017 ASA-201701-41 AVG-159 salt High multiple issues
References
https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ