PT-2021-28363 · Saltstack · Saltstack Salt
Published
2021-02-27
·
Updated
2021-02-27
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
SaltStack Salt versions prior to 3002.5
Description:
An issue was discovered in the salt-api's ssh client, which is vulnerable to shell injection. This can occur by including ProxyCommand in an argument or via ssh options provided in an API request.
Recommendations:
For versions prior to 3002.5, update to version 3002.5 or later to resolve the issue.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Saltstack Salt