CVE-2017-5200

9 documents6 sources
Severity
8.8HIGH
EPSS
1.3%
top 20.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saltstack Salt
Timeline
PublishedSep 26
Latest updateMay 13

Description

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDsaltstack/salt2015.8.12+8
PyPIsalt2016.3.02016.3.5+4

🔴Vulnerability Details

5
OSV
SaltStack Salt arbitrary command execution in Salt-api via ssh_client2022-05-13
GHSA
SaltStack Salt arbitrary command execution in Salt-api via ssh_client2022-05-13
OSV
CVE-2017-5200: Salt-api in SaltStack Salt before 20152017-09-26
OSV
CVE-2017-5200: Salt-api in SaltStack Salt before 20152017-09-26
CVEList
CVE-2017-5200: Salt-api in SaltStack Salt before 20152017-09-26

📋Vendor Advisories

1
Red Hat
salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client2017-01-20

💬Community

2
Bugzilla
CVE-2017-5192 CVE-2017-5200 CVE-2017-8109 salt: various flaws [epel-all]2017-02-01
Bugzilla
CVE-2017-5200 salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client2017-02-01
CVE-2017-5200 (HIGH CVSS 8.8) | Salt-api in SaltStack Salt before 2 | cvebase.io