Описание
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | released | 2017.7.4+dfsg1-1ubuntu18.04.2+esm1 |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Уязвимость функции salt.utils.thin.gen_thin() системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю выполнять произвольные команды в целевой системе
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3