CVE-2019-1010259
Last modified
CVE-2019-1010259 is a vulnerability of currently unknown severity. SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. EPSS estimates a 1.88% chance of exploitation in the next 30 days.
Description
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Saltstack | Salt 2018 | 3.0 |
| Saltstack | Salt 2019 | 2.0 |
References
- https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7aPatch, Third Party Advisory
- https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534Exploit, Third Party Advisory
- https://github.com/saltstack/salt/pull/51462Issue Tracking, Patch, Third Party Advisory
- https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7aPatch, Third Party Advisory
- https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534Exploit, Third Party Advisory
- https://github.com/saltstack/salt/pull/51462Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1010259?
How severe is CVE-2019-1010259?
How do I fix CVE-2019-1010259?
Are you affected by CVE-2019-1010259?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST