| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| salt | pip | < 2015.8.13 | 2015.8.13 |
| salt | pip | >= 2016.3.0, < 2016.11.5 | 2016.11.5 |
| salt | pip | >= 2016.11.7, < 2016.11.10 | 2016.11.10 |
| salt | pip | >= 2017.5.0, < 2017.7.8 | 2017.7.8 |
| salt | pip | >= 2018.2.0, <= 2018.3.5 | |
| salt | pip | >= 2019.2.0, < 2019.2.8 | 2019.2.8 |
| salt | pip | >= 3000, < 3000.7 | 3000.7 |
| salt | pip | >= 3001, < 3001.5 | 3001.5 |
| salt | pip | >= 3002, < 3002.3 | 3002.3 |

The vulnerability stems from improper handling of the 'ProxyCommand' SSH option in salt-api's SSH client. The SaltStack release notes for patched versions (3002.3, 3001.5, etc.) explicitly mention fixing this by removing 'ProxyCommand' from CLI and API-provided arguments. The SSH client logic in 'salt/client/ssh/client.py' is responsible for processing SSH options and constructing the command line. Functions like '_prep_ssh_options' (which processes options) and 'cmd_str' (which builds the final command) would be vulnerable if they allowed unsafe inclusion of 'ProxyCommand'. The high confidence stems from the direct correlation between the CVE description, the patch focus on SSH argument sanitization, and Salt's SSH client architecture.
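
The kind of filtering the release notes describe, as an added example that is not Salt's actual patch: caller-supplied SSH options are normalised and any 'ProxyCommand' entry is dropped before the command line is built. The function names, the sample data and the assumption that options arrive as a list of strings are this example's own, not taken from 'salt/client/ssh/client.py'.

```python
import re

# Keyword named in the advisory. Stored lower-case because OpenSSH matches
# configuration keywords case-insensitively.
DENIED_KEYWORDS = frozenset({"proxycommand"})


def option_keyword(option):
    """Return the normalised keyword of one ssh `-o` value.

    OpenSSH accepts `Keyword=value`, `Keyword value` and `Keyword = value`,
    so the keyword ends at the first whitespace or '='.
    """
    head = re.split(r"[\s=]+", option.strip(), maxsplit=1)[0]
    return head.strip("\"'").lower()


def filter_ssh_options(options, denied=DENIED_KEYWORDS):
    """Split caller-supplied options into (kept, dropped).

    Fails closed: non-strings and entries with no recognisable keyword
    are dropped along with the denied keywords.
    """
    kept, dropped = [], []
    for opt in options:
        keyword = option_keyword(opt) if isinstance(opt, str) else ""
        if not keyword or keyword in denied:
            dropped.append(opt)
        else:
            kept.append(opt)
    return kept, dropped


def build_ssh_args(options):
    """Return (argv fragment, dropped); each option is its own argv element,
    so nothing is re-parsed by a shell."""
    kept, dropped = filter_ssh_options(options)
    args = []
    for opt in kept:
        args += ["-o", opt]
    return args, dropped


# Constructed sample input covering the spellings a filter has to catch.
SAMPLE = [
    "StrictHostKeyChecking=no",
    "ProxyCommand=placeholder-command",
    "proxycommand placeholder-command",
    " PROXYCOMMAND = placeholder-command",
    "ConnectTimeout 10",
]
```

Logging the dropped list gives an audit trail of API requests that tried to set the option.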