ALT-PU-2016-1941-1

Package update salt in branch p8

Version2016.3.3-alt1

Published2016-09-07

Max severityCRITICAL

Severity:

Closed issues (2)

MEDIUM5.6

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Published: 2017-01-31Modified: 2025-04-20

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.6

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CRITICAL9.1

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

Published: 2017-02-07Modified: 2025-04-20

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

Closed bugs (1)

Обновить версию