It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651, CVE-2020-11652)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "salt-ssh": "0.17.5+ds-1ubuntu0.1~esm2", "salt-master": "0.17.5+ds-1ubuntu0.1~esm2", "salt-doc": "0.17.5+ds-1ubuntu0.1~esm2", "salt-common": "0.17.5+ds-1ubuntu0.1~esm2", "salt-minion": "0.17.5+ds-1ubuntu0.1~esm2", "salt-syndic": "0.17.5+ds-1ubuntu0.1~esm2" } ] }