Salt 3002.1 Release Notes

Version 3002.1 is a CVE fix release for 3002.

Fixed

  • Prevent shell injections in netapi ssh client (cve-2020-16846)

  • Prevent creating world readable private keys with the tls execution module. (cve-2020-17490)

  • Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)

Generated on October 23, 2024 at 09:02:06 UTC.

You are viewing docs for the latest stable release, 3007.1. Switch to docs for the previous stable release, 3006.9, or to a recent doc build from the master branch.


saltproject.io

© 2024 VMware, Inc. | Privacy Policy