Salt prior to 2015.5.10 and 2015.8.x prior to 2015.8.8, when PAM external authentication is enabled, allows malicious users to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saltstack salt 2015.8.7 |
||
saltstack salt 2015.8.5 |
||
saltstack salt 2015.8.4 |
||
saltstack salt 2015.8.3 |
||
saltstack salt 2015.8.1 |
||
saltstack salt |
||
saltstack salt 2015.8.2 |
||
saltstack salt 2015.8.0 |