CVE-2017-5200

HIGH8.8EPSS 0.97%

SaltStack Salt arbitrary command execution in Salt-api via ssh_client

發布日:2022/5/13修改日:2024/12/1

也稱為:GHSA-8r7r-x48r-pf8fPYSEC-2017-39

描述

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

受影響套件(2)

PyPI/saltfrom 0, < 2015.8.13
PyPI/saltfrom 0, < 2015.8.13, >= 2016.3, < 2016.3.5, >= 2016.11, < 2016.11.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-5200
PATCHhttps://github.com/saltstack/salt
WEBhttps://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
WEBhttps://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
WEBhttps://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-39.yaml