GHSA-f2h7-4f84-8qrm

Source

https://github.com/advisories/GHSA-f2h7-4f84-8qrm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f2h7-4f84-8qrm/GHSA-f2h7-4f84-8qrm.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-f2h7-4f84-8qrm

Aliases

Published

2022-05-17T00:34:42Z

Modified

2024-10-21T21:24:12.568746Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SaltStack Salt Authentication Bypass when using the local_batch client from salt-api

Details

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

Database specific

{
    "nvd_published_at": "2017-09-26T14:29:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T22:20:10Z"
}

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.8.13

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5

2014.7.6

2014.7.7

2015.*

2015.2.0rc1

2015.2.0rc2

2015.5.0

2015.5.1

2015.5.2

2015.5.3

2015.5.4

2015.5.5

2015.5.6

2015.5.7

2015.5.8

2015.5.9

2015.5.10

2015.5.11

2015.8.0rc1

2015.8.0rc2

2015.8.0rc3

2015.8.0rc4

2015.8.0rc5

2015.8.0

2015.8.1

2015.8.2

2015.8.3

2015.8.4

2015.8.5

2015.8.7

2015.8.8

2015.8.8.2

2015.8.9

2015.8.10

2015.8.11

2015.8.12

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f2h7-4f84-8qrm/GHSA-f2h7-4f84-8qrm.json"

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2016.3.0

Fixed

2016.3.5

Affected versions

2016.*

2016.3.0

2016.3.1

2016.3.2

2016.3.3

2016.3.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f2h7-4f84-8qrm/GHSA-f2h7-4f84-8qrm.json"

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2016.11.0

Fixed

2016.11.2

Affected versions

2016.*

2016.11.0

2016.11.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f2h7-4f84-8qrm/GHSA-f2h7-4f84-8qrm.json"