Salt 3000.5 Release Notes

Version 3000.5 is a CVE fix release for 3000.

Fixed

  • Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)

Generated on May 27, 2026 at 11:05:46 UTC.

You are viewing docs built from a recent snapshot of the master branch. Switch to docs for the latest stable release, 3008.0.


saltproject.io

© 2026 VMware, Inc. | Privacy Policy