CVE-2017-5192

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

Date published : 2017-09-26

https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html

https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html