Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-26T14:00:00

Updated: 2024-08-05T14:55:35.542Z

Reserved: 2017-01-06T00:00:00

Link: CVE-2017-5200

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-09-26T14:29:00.597

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-5200

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-01-20T00:00:00Z

Links: CVE-2017-5200 - Bugzilla