Описание
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-5192
- https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
- https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-38.yaml
Пакеты
salt
< 2015.8.13
2015.8.13
salt
>= 2016.3.0, < 2016.3.5
2016.3.5
salt
>= 2016.11.0, < 2016.11.2
2016.11.2
Связанные уязвимости
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. The LocalClient.cmd_batch() method client does not accept external_auth credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the root user.
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
When using the local_batch client from salt-api in SaltStack Salt befo ...