CVE-2017-5200

Опубликовано: 26 сент. 2017

Источник: debian

EPSS Низкий

Описание

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
salt	fixed	2016.11.2+ds-1		package
salt	not-affected		jessie	package

Примечания

https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e

EPSS

Процентиль: 79%

0.01262

Низкий

Связанные уязвимости

CVE-2017-5200

CVSS3: 8.8

ubuntu

больше 8 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.

CVE-2017-5200

CVSS3: 7.5

redhat

около 9 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

CVE-2017-5200

CVSS3: 8.8

nvd

больше 8 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

GHSA-8r7r-x48r-pf8f

CVSS3: 8.8

github

больше 3 лет назад

SaltStack Salt arbitrary command execution in Salt-api via ssh_client

SUSE-SU-2017:1582-1

suse-cvrf

больше 8 лет назад

Security update for Salt

EPSS

Процентиль: 79%

0.01262

Низкий