Описание
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Ссылки
- Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.htmlExploitThird Party AdvisoryVDB Entry
- Release Notes
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Release Notes
- Third Party Advisory
- Mailing ListThird Party Advisory
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.htmlExploitThird Party AdvisoryVDB Entry
- Release Notes
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Release Notes
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
An issue was discovered in SaltStack Salt through 3002. Sending crafte ...
SaltStack Salt Command Injection in netapi ssh client
Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2