High severity8.8NVD Advisory· Published Sep 26, 2017· Updated Jun 17, 2026
CVE-2017-5200
CVE-2017-5200
Description
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 2015.8.13 | 2015.8.13 |
saltPyPI | >= 2016.3.0, < 2016.3.5 | 2016.3.5 |
saltPyPI | >= 2016.11.0, < 2016.11.2 | 2016.11.2 |
Affected products
19cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*range: <=2015.8.12
- cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.4:*:*:*:*:*:*:*
- ghsa-coords10 versionspkg:pypi/saltpkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%203pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0
< 2015.8.13+ 9 more
- (no CPE)range: < 2015.8.13
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-42.2
- (no CPE)range: < 2016.11.4-42.2
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-45.2
- (no CPE)range: < 2016.11.4-45.2
Patches
Vulnerability mechanics
References
6- docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.htmlnvdRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.htmlnvdRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2016.11.2.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-8r7r-x48r-pf8fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5200ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-39.yamlghsaWEB
News mentions
0No linked articles in our index yet.