Arbitrary Code Execution Affecting salt package, versions [,2015.8.13) [2016.3, 2016.3.5) [2016.11, 2016.11.2)
Threat Intelligence
EPSS
0.23% (62nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-SALT-40453
- published 7 Nov 2017
- disclosed 20 Mar 2017
- credit Unknown
Introduced: 20 Mar 2017
CVE-2017-5200 Open this link in a new tabOverview
salt
is a Portable, distributed, remote execution and configuration management system.
Affected versions of this package are vulnerable to Arbitrary Code Execution. When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
References
CVSS Scores
version 3.1