PT-2019-20137 · Oracle+1 · Mysql Server+1
Published 2019-07-18 · Updated 2019-07-18
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
SaltStack Salt versions 2018.3 through 2018.3.3
SaltStack Salt version 2019.2
Description
The issue allows an attacker to escalate privileges on a MySQL server deployed by a cloud provider, leading to remote code execution (RCE). This is achieved through a specially crafted password string, exploiting the mysql.user_chpass function from the MySQL module for Salt.
Recommendations
For SaltStack Salt versions 2018.3 through 2018.3.3, update to version 2018.3.4 to resolve the issue.
For SaltStack Salt version 2019.2, update to a version that includes the fix; the specific fixed version for 2019.2 is not provided.
Affected Products
Mysql Server
Saltstack Salt