CVE-2017-5192 -- salt-common
ID: oval:org.secpod.oval:def:1901102 | Date: (C)2019-03-22 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. The LocalClient.cmd_batch method does not accept external_auth credentials, so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the root user.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |