← Back

CVE-2016-3176

nvd nist
Published: Jan 31, 2017Modified: May 13, 2026

JSON object

Loading...
5.6
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 / Impact: 3.4
Source: NVD

Description

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Affected (8)

Products: Saltstack: Salt
Saltstack
1 product
Salt
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Saltstack
Salt
Up to 2015.5.9
Salt
Version 2015.8.0
Salt
Version 2015.8.1
Salt
Version 2015.8.2
Salt
Version 2015.8.3
Salt
Version 2015.8.4
Salt
Version 2015.8.5
Salt
Version 2015.8.7

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.