{"id":"CVE-2019-1010259","details":"SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.","aliases":["GHSA-h8xp-h3jf-wv4v","PYSEC-2019-119"],"modified":"2026-03-14T14:37:00.349902Z","published":"2019-07-18T17:15:11.567Z","references":[{"type":"FIX","url":"https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"},{"type":"FIX","url":"https://github.com/saltstack/salt/pull/51462"},{"type":"EVIDENCE","url":"https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010259.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}