Arbitrary Command Execution Affecting salt package, versions [,2017.7.8) [2018.0.0, 2018.3.3)
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Integrity
High
Threat Intelligence
EPSS
2.94% (91st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-SALT-72538
- published 28 Oct 2018
- disclosed 24 Oct 2018
- credit Unknown
Introduced: 24 Oct 2018
CVE-2018-15751 Open this link in a new tabHow to fix?
Upgrade salt
to version 2017.7.8, 2018.3.3 or higher.
Overview
salt is a software to automate the management and configuration of any infrastructure or application at scale.
Affected versions of this package are vulnerable to Arbitrary Command Execution and Authentication Bypass via the salt-api
.