| 1234567891011121314151617 |
- =============================
- Salt 2016.11.10 Release Notes
- =============================
- Version 2016.11.10 is a security release for :ref:`2016.11.0 <release-2016-11-0>`.
- Changes for v2016.11.9..v2016.11.10
- -----------------------------------
- Security Fix
- ============
- CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
- CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
- Credit and thanks for discovery and responsible disclosure: nullbr4in, xcuter, koredge, loupos, blackcon, Naver Business Platform
|
