saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
salt/doc/topics/releases/3000.5.rst
Pedro Algarvio 6c819439b5 Add a few more nice to have hooks 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-02-07 07:10:13 +00:00

476 B
Raw Blame History

Salt 3000.5 Release Notes

Version 3000.5 is a CVE fix release for 3000 <release-3000>.

Fixed

  • Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)