SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allow remote malicious users to bypass authentication and execute arbitrary commands via salt-api(netapi).
SaltStack Salt before 201778 and 20183x before 201833 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi) ...