Download
| Alert*
|
oval:org.secpod.oval:def:1800438
CVE-2017-5192: local_batch client external authentication not respected The `LocalClient.cmd_batch` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already- authenticated users and is o ... oval:org.secpod.oval:def:1901102 When using the local_batch client from salt-common-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. The LocalClient.cmd_batch method client does not accept external_ ... |
