CVE-2017-5200
published 2017-09-26CVE-2017-5200: Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via…
PriorityP353high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
3.21%
86.5th percentile
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | <= 2015.8.12 | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | >= 0 < 2015.8.13 | 2015.8.13 |
| saltstack | salt | >= 2016.11 < 2016.11.2 | 2016.11.2 |
| saltstack | salt | >= 2016.11.0 < 2016.11.2 | 2016.11.2 |
| saltstack | salt | >= 2016.3 < 2016.3.5 | 2016.3.5 |
| saltstack | salt | >= 2016.3.0 < 2016.3.5 | 2016.3.5 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
osv·2022-05-13
CVE-2017-5200 [HIGH] SaltStack Salt arbitrary command execution in Salt-api via ssh_client
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
GHSA
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
ghsa·2022-05-13
CVE-2017-5200 [HIGH] SaltStack Salt arbitrary command execution in Salt-api via ssh_client
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
OSV
CVE-2017-5200: Salt-api in SaltStack Salt before 2015
osv·2017-09-26·CVSS 8.8
CVE-2017-5200 [HIGH] CVE-2017-5200: Salt-api in SaltStack Salt before 2015
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
OSV
CVE-2017-5200: Salt-api in SaltStack Salt before 2015
osv·2017-09-26
CVE-2017-5200 CVE-2017-5200: Salt-api in SaltStack Salt before 2015
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Red Hat
salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
vendor_redhat·2017-01-20·CVSS 8.8
CVE-2017-5200 [HIGH] salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Statement: This issue did not affect the versions of the salt as shipped with Red Hat Ceph Storage 1.3, Red Hat Ceph Storage 2, and Red Hat Storage Console 2 as salt-api and salt-ssh are not shipped with these products.
Mitigation: Disable salt-api for mitigation.
Package: salt (Red Hat Ceph Storage 1.3) - Not affected
Package: salt (Red Hat Ceph Storage 2) - Not affected
Package: salt (Red Hat Storage Console 2) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-5192 CVE-2017-5200 CVE-2017-8109 salt: various flaws [epel-all]
bugzilla·2017-02-01·CVSS 8.8
CVE-2017-5192 [HIGH] CVE-2017-5192 CVE-2017-5200 CVE-2017-8109 salt: various flaws [epel-all]
CVE-2017-5192 CVE-2017-5200 CVE-2017-8109 salt: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2017-5200 salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
bugzilla·2017-02-01·CVSS 8.8
CVE-2017-5200 [HIGH] CVE-2017-5200 salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
CVE-2017-5200 salt: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
References:
https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
Discussion:
Created salt tracking bugs for this issue:
Affects: epel-all [bug 1418350]
---
Mitigation:
Disable salt-api for mitigation.
---
Statement:
This issue did not affect the versions of the salt as shipped with Red Hat Ceph Storage 1.3, Red Hat Ceph Storage 2, and Red Hat Storage Console 2 as salt-api and salt-ssh are not shipped with these products.
---
Upstream Fixes:
https://github.com/saltstack/salt/pull/38743
https://github.com/saltstack/salt/pull/38759
https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.htmlhttps://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.htmlhttps://docs.saltstack.com/en/latest/topics/releases/2016.11.2.htmlhttps://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.htmlhttps://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.htmlhttps://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
2017-09-26
Published