← back
CVE-2017-5192

CVE-2017-5192

EPSS 1.7%
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.htmlhttps://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.htmlhttps://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html