VYPR
High severity8.8NVD Advisory· Published Sep 26, 2017· Updated Jun 17, 2026

CVE-2017-5192

CVE-2017-5192

Description

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 2015.8.132015.8.13
saltPyPI
>= 2016.3.0, < 2016.3.52016.3.5
saltPyPI
>= 2016.11.0, < 2016.11.22016.11.2

Affected products

10
  • Saltstack/Salt9 versions
    cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*range: <=2015.8.12
    • cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2016.3.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2015.8.13

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.