CVE-2019-17361

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17361

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17361.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-17361

Aliases

Related

Published

2020-01-17T02:15:11Z

Modified

2024-08-16T03:23:23.024960Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0ca04ffbebb9daeb8469a6e80d868b8a6524bd99

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

old-branch-2016.*

old-branch-2016.3

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v2014.*

v2014.1

v2014.7

v2014.7.0

v2014.7.0rc1

v2014.7.0rc2

v2014.7.0rc3

v2014.7.0rc4

v2014.7.0rc5

v2014.7.0rc6

v2014.7.0rc7

v2014.7.1

v2014.7.2

v2014.7.3

v2014.7.4

v2014.7.5

v2014.7.6

v2014.7.7

v2014.7.8

v2014.7.9

v2015.*

v2015.2

v2015.2.0rc1

v2015.2.0rc2

v2015.5

v2015.5.0

v2015.5.1

v2015.5.11

v2015.5.2

v2015.5.3

v2015.5.4

v2015.5.5

v2015.5.6

v2015.5.7

v2015.5.8

v2015.5.9

v2015.8

v2015.8.0

v2015.8.0rc1

v2015.8.0rc2

v2015.8.0rc3

v2015.8.0rc4

v2015.8.0rc5

v2015.8.1

v2015.8.11

v2015.8.12

v2015.8.13

v2015.8.2

v2015.8.3

v2015.8.4

v2015.8.8

v2015.8.9

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.11.4

v2016.11.5

v2016.11.6

v2016.11.9

v2016.3

v2016.3.0

v2016.3.0rc0

v2016.3.0rc1

v2016.3.0rc2

v2016.3.0rc3

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.3.6

v2016.9

v2017.*

v2017.5

v2017.7

v2017.7.0

v2017.7.0rc1

v2017.7.1

v2017.7.2

v2017.7.3

v2017.7.4

v2017.7.5

v2017.7.6

v2017.7.7

v2017.7.8

v2018.*

v2018.11

v2018.2

v2018.3

v2018.3.0

v2018.3.0rc1

v2018.3.1

v2018.3.2

v2018.3.3

v2019.*

v2019.2

v2019.2.0

v2019.2.0rc1

v2019.2.0rc2