CVE-2019-1010259

CRITICAL

SaltStack Salt <2019.2 - SQL Injection

Title source: llm
STIX 2.1

Description

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0188
EPSS Percentile 77.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
pypi/salt 2018.3.0 - 2018.3.4PyPI
saltstack/salt_2018 3.0
saltstack/salt_2019 2.0
Published Jul 18, 2019
Tracked Since Feb 18, 2026