CVE-2019-17361

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17361
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17361.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17361
Aliases
Related
Published
2020-01-17T02:15:11Z
Modified
2024-10-12T04:35:19.229670Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5
old-branch-2015.8

old-branch-2016.*

old-branch-2016.3

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

v2014.*

v2014.1
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2014.7.9

v2015.*

v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.11
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.13
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9

v2016.*

v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.11.3
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.9
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.3.5
v2016.3.6
v2016.9

v2017.*

v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2017.7.1
v2017.7.2
v2017.7.3
v2017.7.4
v2017.7.5
v2017.7.6
v2017.7.7
v2017.7.8

v2018.*

v2018.11
v2018.2
v2018.3
v2018.3.0
v2018.3.0rc1
v2018.3.1
v2018.3.2
v2018.3.3

v2019.*

v2019.2
v2019.2.0
v2019.2.0rc1
v2019.2.0rc2