CVE-2019-17361 vulnerability in SaltStack and Other Products
Published on January 17, 2020

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-17361

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-17361 are published in these products:

SaltStack Salt

Debian Linux

OpenSuse Leap

Canonical Ubuntu Linux

Exploit Probability

EPSS

18.52%

Percentile

95.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-17361 vulnerability in SaltStack and Other ProductsPublished on January 17, 2020

Products Associated with CVE-2019-17361

Exploit Probability

CVE-2019-17361 vulnerability in SaltStack and Other Products
Published on January 17, 2020