Описание
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
EPSS
Процентиль: 8%
0.00033
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 6.7
ubuntu
3 месяца назад
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
CVSS3: 6.7
debian
3 месяца назад
An attacker with access to a minion key can exploit the 'on demand' pi ...
CVSS3: 6.7
github
3 месяца назад
Salt's on demand pillar functionality vulnerable to arbitrary command injections
EPSS
Процентиль: 8%
0.00033
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-77