Critical severityNVD Advisory· Published Oct 24, 2018· Updated Aug 5, 2024
CVE-2018-15751
CVE-2018-15751
Description
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | >= 2017.7.0, < 2017.7.8 | 2017.7.8 |
saltPyPI | >= 2018.3.0, < 2018.3.3 | 2018.3.3 |
saltPyPI | >= 2016.11.0, < 2016.11.10 | 2016.11.10 |
Affected products
39- ghsa-coords39 versionspkg:pypi/saltpkg:rpm/opensuse/python-distro&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Transactional%20Server%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.2pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%204.0
>= 2017.7.0, < 2017.7.8+ 38 more
- (no CPE)range: >= 2017.7.0, < 2017.7.8
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 3000-lp151.5.21.1
- (no CPE)range: < 3002.2-lp152.3.36.1
- (no CPE)range: < 2016.11.10-6.15.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-5.20.1
- (no CPE)range: < 3000-6.37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3000-6.37.1
- (no CPE)range: < 2018.3.0-5.20.1
- (no CPE)range: < 3000-6.37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2016.11.10-43.38.1
- (no CPE)range: < 2016.11.10-43.38.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 2018.3.0-46.44.1
- (no CPE)range: < 3002.2-37.1
Patches
Vulnerability mechanics
References
14- lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-x549-r7m8-gv63ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-15751ghsaADVISORY
- usn.ubuntu.com/4459-1/mitrevendor-advisoryx_refsource_UBUNTU
- docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.htmlghsax_refsource_CONFIRMWEB
- docs.saltstack.com/en/latest/topics/releases/2018.3.3.htmlghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-30.yamlghsaWEB
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rstghsaWEB
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rstghsaWEB
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rstghsaWEB
- groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJghsamailing-listx_refsource_MLISTWEB
- groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJghsamailing-listx_refsource_MLISTWEB
- lists.debian.org/debian-lts-announce/2020/07/msg00024.htmlghsamailing-listx_refsource_MLISTWEB
- usn.ubuntu.com/4459-1ghsaWEB
News mentions
0No linked articles in our index yet.