High severity8.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026
CVE-2017-5200
CVE-2017-5200
Description
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 2015.8.13 | 2015.8.13 |
saltPyPI | >= 2016.3.0, < 2016.3.5 | 2016.3.5 |
saltPyPI | >= 2016.11.0, < 2016.11.2 | 2016.11.2 |
Affected products
9cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*range: <=2015.8.12
- cpe:2.3:a:saltstack:salt:2016.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.htmlnvdRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.htmlnvdRelease NotesVendor AdvisoryWEB
- docs.saltstack.com/en/latest/topics/releases/2016.11.2.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-8r7r-x48r-pf8fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5200ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-39.yamlghsaWEB
News mentions
0No linked articles in our index yet.