Salt 3000.5 Release Notes
Version 3000.5 is a CVE fix release for 3000.
Fixed
- Properly validate eauth credentials and tokens along with their ACLs.
Prior to this change eauth was not properly validated when calling
Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user
to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)
