GHSA-v2rp-9cpj-pfw2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v2rp-9cpj-pfw2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2rp-9cpj-pfw2/GHSA-v2rp-9cpj-pfw2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-v2rp-9cpj-pfw2
- Aliases
- Published
- 2022-05-17T03:01:32Z
- Modified
- 2024-10-21T21:41:00.674328Z
- Severity
-
- 5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Salt Insecure configuration of PAM external authentication service
- Details
-
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
- Database specific
{ "cwe_ids": [ "CWE-287" ], "github_reviewed_at": "2024-04-29T16:48:48Z", "severity": "MODERATE", "nvd_published_at": "2017-01-31T19:59:00Z", "github_reviewed": true }- References
Affected packages
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2015.5.10
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5
2014.7.6
2014.7.7
2015.*
2015.2.0rc1
2015.2.0rc2
2015.5.0
2015.5.1
2015.5.2
2015.5.3
2015.5.4
2015.5.5
2015.5.6
2015.5.7
2015.5.8
2015.5.9
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt