CVE-2019-17361

Sažetak

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Reference

https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix
https://github.com/saltstack/salt/commits/master
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
https://www.debian.org/security/2020/dsa-4676
https://usn.ubuntu.com/4459-1/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

31-01-2023 - 21:03

Objavljeno

17-01-2020 - 02:15