An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt API using the SSH client.
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt API using the SSH client.
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/02/2019.2.x.patch