Authentication Bypass Vulnerability in SaltStack Salt

Authentication Bypass Vulnerability in SaltStack Salt

CVE-2017-5192 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

Learn more about our Api Penetration Testing.