Vulnerability Description
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saltstack | Salt 2018 | 3.0 |
| Saltstack | Salt 2019 | 2.0 |
Related Weaknesses (CWE)
References
- https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7PatchThird Party Advisory
- https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/ExploitThird Party Advisory
- https://github.com/saltstack/salt/pull/51462Issue TrackingPatchThird Party Advisory
- https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7PatchThird Party Advisory
- https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/ExploitThird Party Advisory
- https://github.com/saltstack/salt/pull/51462Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2019-1010259?
CVE-2019-1010259 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mys...
How severe is CVE-2019-1010259?
CVE-2019-1010259 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-1010259?
Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt 2018, Saltstack Salt 2019.