CVE-2017-5200 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary command execution |
| Description | Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-159 | salt | 2016.11.1-1 | 2016.11.2-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 31 Jan 2017 | ASA-201701-41 | AVG-159 | salt | High | multiple issues |
| References |
|---|
https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ |