FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

salt -- salt-api vulnerability

Affected packages
py27-salt < 2019.2.3
py32-salt < 2019.2.3
py33-salt < 2019.2.3
py34-salt < 2019.2.3
py35-salt < 2019.2.3
py36-salt < 2019.2.3
py37-salt < 2019.2.3
py38-salt < 2019.2.3


VuXML ID 8c98e643-6008-11ea-af63-38d547003487
Discovery 2020-01-15
Entry 2020-03-07

SaltStack reports:

With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH.

Additionally, when the raw_shell option is specified any arbitrary command may be run on the Salt master when specifying SSH options.


CVE Name CVE-2019-17361