CVE-2018-15751: salt: Remote command execution and incorrect access control when using salt-api

Severity: Critical

CVSS Score: 9.8

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).