Описание
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
A flaw was found in Salt. The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | salt | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю выполнять произвольные команды с повышенными привилегиями
EPSS
7.5 High
CVSS3