CVE-2017-5200

Опубликовано: 20 янв. 2017

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

Отчет

This issue did not affect the versions of the salt as shipped with Red Hat Ceph Storage 1.3, Red Hat Ceph Storage 2, and Red Hat Storage Console 2 as salt-api and salt-ssh are not shipped with these products.

Меры по смягчению последствий

Disable salt-api for mitigation.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 1.3	salt	Not affected
Red Hat Ceph Storage 2	salt	Not affected
Red Hat Storage Console 2	salt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1418347salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client

EPSS

Процентиль: 79%

0.01262

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-5200

CVSS3: 8.8

ubuntu

больше 8 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.

CVE-2017-5200

CVSS3: 8.8

nvd

больше 8 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

CVE-2017-5200

CVSS3: 8.8

debian

больше 8 лет назад

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...

GHSA-8r7r-x48r-pf8f

CVSS3: 8.8

github

больше 3 лет назад

SaltStack Salt arbitrary command execution in Salt-api via ssh_client

SUSE-SU-2017:1582-1

suse-cvrf

больше 8 лет назад

Security update for Salt

EPSS

Процентиль: 79%

0.01262

Низкий

7.5 High

CVSS3