Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-common-master via Salt"s ssh_client. Users of Salt-API and salt-common-ssh could execute a command on the salt-common master via a hole when both systems were enabled.