CVE-2019-17361

Published: 17 January 2020

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: salt (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (2017.7.4+dfsg1-1ubuntu18.04.2)
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Does not exist
precise    Does not exist
trusty     Does not exist
upstream   Needs triage
xenial     Released (2015.8.8+ds-1ubuntu0.1)