The host is installed with SaltStack Salt before 2019.2.4 or 3000.x before 3000.2 and is prone to an authentication vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the ClearFuncs class. Successful exploitation could allow remote attackers to gain root-equivalent access to the salt master and trigger minions to run arbitrary commands.