CVE-2017-5192

CWE-287Improper Authentication9 documents6 sources
Severity
8.8HIGH
EPSS
0.1%
top 64.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saltstack Salt
Timeline
PublishedSep 26
Latest updateMay 17

Description

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDsaltstack/salt2015.8.12+8
PyPIsalt2016.32016.3.5+4

🔴Vulnerability Details

5
OSV
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api2022-05-17
GHSA
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api2022-05-17
OSV
CVE-2017-5192: When using the local_batch client from salt-api in SaltStack Salt before 20152017-09-26
OSV
CVE-2017-5192: When using the local_batch client from salt-api in SaltStack Salt before 20152017-09-26
CVEList
CVE-2017-5192: When using the local_batch client from salt-api in SaltStack Salt before 20152017-09-26

📋Vendor Advisories

1
Red Hat
salt: local_batch client external authentication not respected2017-01-20

💬Community

2
Bugzilla
CVE-2017-5192 salt: local_batch client external authentication not respected2017-02-01
Bugzilla
CVE-2017-5192 CVE-2017-5200 CVE-2017-8109 salt: various flaws [epel-all]2017-02-01
CVE-2017-5192 (HIGH CVSS 8.8) | When using the local_batch client f | cvebase.io