CVE-2020-11651
SaltStack Salt Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
11Exploited in Wild
YesDecision
Descriptions
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Se ha descubierto un fallo de salto de archivo en todas las versiones de ansible-engine 2.9.x anteriores a la versión 2.9.7, cuando se ejecuta una instalación de una colección ansible-galaxy. Al extraer un archivo .tar.gz de la colección, el directorio es creado sin sanear el nombre del archivo. Un atacante podría aprovechar para sobrescribir cualquier archivo dentro del sistema.
Saltstack version 3000.1 suffers from a remote code execution vulnerability.
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-08 CVE Reserved
- 2020-04-30 CVE Published
- 2020-04-30 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-08-24 EPSS Updated
CWE
CAPEC
References (24)
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | < 2019.2.4 Search vendor "Saltstack" for product "Salt" and version " < 2019.2.4" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | >= 3000 < 3000.2 Search vendor "Saltstack" for product "Salt" and version " >= 3000 < 3000.2" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Application Remote Collector Search vendor "Vmware" for product "Application Remote Collector" | 7.5.0 Search vendor "Vmware" for product "Application Remote Collector" and version "7.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Application Remote Collector Search vendor "Vmware" for product "Application Remote Collector" | 8.0.0 Search vendor "Vmware" for product "Application Remote Collector" and version "8.0.0" | - |
Affected
| ||||||