CVE-2017-5192

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-5192
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5192.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-5192
Aliases
Downstream
Published
2017-09-26T14:29:00.563Z
Modified
2026-05-30T10:24:20.961604Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
399e9f57cc9611d385ddf86a0792b9f16dd95f75
Last affected
11acecc43e2c2e4e9a0e73d76b46b035afe8d538
Last affected
06f249901a2e2f1ed310d58ea3921a129f214358
Last affected
721e6dcce87afef13b47cbbd419bf22fc2d5c0bd
Last affected
21c9c2d025b58ae32a859c3c99b453f8420afe1c
Last affected
7d79ea784414fc73afc85086ce912fda83f3497d
Last affected
f44724cca5147595557cba04ff215ee31c35fe73
Last affected
f7294dc85bdd975022f53cfb241877059208f82b
Last affected
ec59ae67c82e2bc63e16b05d95492a0756257207
Database specific 
{
    "cpe": [
        "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.3.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.3.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.12"
        },
        {
            "last_affected": "2016.3.0"
        },
        {
            "last_affected": "2016.3.1"
        },
        {
            "last_affected": "2016.3.2"
        },
        {
            "last_affected": "2016.3.3"
        },
        {
            "last_affected": "2016.3.4"
        },
        {
            "last_affected": "2016.11.0"
        },
        {
            "last_affected": "2016.11.1"
        },
        {
            "last_affected": "2016.11.2"
        }
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.9
v2014.*
v2014.1
v2014.7
v2015.*
v2015.2
v2015.5
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5192.json"