⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-11651

CWE-20Improper Input ValidationCWE-306Missing Authentication20 documents14 sources
Severity
9.8CRITICAL
EPSS
94.4%
top 0.02%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Saltstack SaltCanonical Ubuntu LinuxDebian Debian Linux+2 more
Timeline
PublishedApr 30
KEV addedNov 3
KEV dueMay 3
Latest updateJun 25
CISA Required Action: Apply updates per vendor instructions.

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDsaltstack/salt30003000.2+1
PyPIsalt30003000.2+1
Ubuntusalt< 0.17.5+ds-1ubuntu0.1~esm2
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04

🔴Vulnerability Details

6
OSV
salt vulnerabilities2024-06-25
OSV
SaltStack Salt Unauthenticated Remote Code Execution2022-05-24
GHSA
SaltStack Salt Unauthenticated Remote Code Execution2022-05-24
CVEList
CVE-2020-11651: An issue was discovered in SaltStack Salt before 20192020-04-30
OSV
CVE-2020-11651: An issue was discovered in SaltStack Salt before 20192020-04-30

💥Exploits & PoCs

1
Exploit-DB
Saltstack 3000.1 - Remote Code Execution2020-05-05

🔍Detection Rules

2
Suricata
ET EXPLOIT Possible Saltstack Authentication Bypass CVE-2020-11651 M12020-05-01
Suricata
ET EXPLOIT Possible SaltStack Authentication Bypass CVE-2020-11651 M22020-05-01

📋Vendor Advisories

6
Ubuntu
Salt vulnerabilities2024-06-25
CISA
SaltStack Salt Authentication Bypass Vulnerability2021-11-03
Ubuntu
Salt vulnerabilities2020-08-13
Cisco
SaltStack FrameWork Vulnerabilities Affecting Cisco Products2020-05-28
VMware
vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)2020-05-08

💬Community

3
Bugzilla
CVE-2020-11651 salt: salt-master process ClearFuncs class does not properly validate method calls [epel-all]2020-05-06
Bugzilla
CVE-2020-11651 salt: salt-master process ClearFuncs class does not properly validate method calls2020-05-06
Bugzilla
CVE-2020-11651 salt: salt-master process ClearFuncs class does not properly validate method calls [fedora-all]2020-05-06
CVE-2020-11651 (CRITICAL CVSS 9.8) | An issue was discovered in SaltStac | cvebase.io