PYSEC-2017-33

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-33.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-33

Aliases

Published

2017-01-31T19:59:00Z

Modified

2024-04-29T17:12:08.539379Z

Summary

[none]

Details

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.5.10

Introduced

2015.8

Fixed

2015.8.8

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5

2014.7.6

2014.7.7

2015.*

2015.2.0rc1

2015.2.0rc2

2015.5.0

2015.5.1

2015.5.2

2015.5.3

2015.5.4

2015.5.5

2015.5.6

2015.5.7

2015.5.8

2015.5.9

2015.8.0

2015.8.1

2015.8.2

2015.8.3

2015.8.4

2015.8.5

2015.8.7

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-33.yaml"