{"id":"CVE-2017-5192","details":"When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.","aliases":["GHSA-f2h7-4f84-8qrm","PYSEC-2017-38"],"modified":"2026-04-10T04:01:38.044475Z","published":"2017-09-26T14:29:00.563Z","references":[{"type":"ADVISORY","url":"https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"},{"type":"ADVISORY","url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"},{"type":"ADVISORY","url":"https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saltstack/salt","events":[{"introduced":"0"},{"last_affected":"399e9f57cc9611d385ddf86a0792b9f16dd95f75"},{"introduced":"0"},{"last_affected":"11acecc43e2c2e4e9a0e73d76b46b035afe8d538"},{"introduced":"0"},{"last_affected":"06f249901a2e2f1ed310d58ea3921a129f214358"},{"introduced":"0"},{"last_affected":"721e6dcce87afef13b47cbbd419bf22fc2d5c0bd"},{"introduced":"0"},{"last_affected":"21c9c2d025b58ae32a859c3c99b453f8420afe1c"},{"introduced":"0"},{"last_affected":"7d79ea784414fc73afc85086ce912fda83f3497d"},{"introduced":"0"},{"last_affected":"f44724cca5147595557cba04ff215ee31c35fe73"},{"introduced":"0"},{"last_affected":"f7294dc85bdd975022f53cfb241877059208f82b"},{"introduced":"0"},{"last_affected":"ec59ae67c82e2bc63e16b05d95492a0756257207"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2015.8.12"},{"introduced":"0"},{"last_affected":"2016.3.0"},{"introduced":"0"},{"last_affected":"2016.3.1"},{"introduced":"0"},{"last_affected":"2016.3.2"},{"introduced":"0"},{"last_affected":"2016.3.3"},{"introduced":"0"},{"last_affected":"2016.3.4"},{"introduced":"0"},{"last_affected":"2016.11.0"},{"introduced":"0"},{"last_affected":"2016.11.1"},{"introduced":"0"},{"last_affected":"2016.11.2"}]}}],"versions":["v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16","v0.17","v0.6.0","v0.7.0","v0.8.0","v0.8.7","v0.8.9","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v0.9.9","v2014.1","v2014.7","v2015.2","v2015.5","v2015.8","v2015.8.0","v2015.8.0rc1","v2015.8.0rc2","v2015.8.0rc3","v2015.8.0rc4","v2015.8.0rc5","v2015.8.1","v2015.8.11","v2015.8.12","v2015.8.2","v2015.8.3","v2015.8.4","v2015.8.8","v2015.8.9","v2016.11","v2016.11.0","v2016.11.0rc1","v2016.11.0rc2","v2016.11.1","v2016.11.2","v2016.3","v2016.3.0","v2016.3.0rc0","v2016.3.0rc1","v2016.3.0rc2","v2016.3.0rc3","v2016.3.1","v2016.3.2","v2016.3.3","v2016.3.4","v2016.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}