CVE-2016-3176 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <2015.5.10 || >=2015.8 <2015.8.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00167 pctl0.38264

Details

Salt Insecure configuration of PAM external authentication service Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Metadata

Created: 2022-05-17T03:01:32Z
Modified: 2024-10-21T21:27:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2rp-9cpj-pfw2/GHSA-v2rp-9cpj-pfw2.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-v2rp-9cpj-pfw2
Finding: F039
Auto approve: 1