CVE-2019-17361 - log

CVE-2019-17361 edited at 31 Jan 2020 11:38:38
References
+ https://github.com/saltstack/salt/commit/bca115f3f00fbde564dd2f12bf036b5d2fd08387
CVE-2019-17361 edited at 16 Jan 2020 20:43:08
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the raw_shell option is specified any arbitrary command may be run on the Salt master when specifying SSH options.
References
Notes
+ This is technically both an auth bypass and a RCE. I opted for RCE as this seems to be the more impactful one
CVE-2019-17361 created at 16 Jan 2020 20:41:53