CVE-2020-11652
Published 2020-04-30
Priority P183, medium, 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, due 2022-05-03
Exploited in the wild
EPSS: 86.06% (99.7th percentile)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackberry | workspaces_server | <= 7.1.3 | — |
| blackberry | workspaces_server | — | — |
| blackberry | workspaces_server | 8.0.0 – 8.2.6 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| cisco | products | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | leap | — | — |
| saltstack | salt | < 2019.2.4 | 2019.2.4 |
| saltstack | salt | >= 0 < 2019.2.4 | 2019.2.4 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1 | 2015.8.8+ds-1ubuntu0.1 |
| saltstack | salt | >= 0 < 2017.7.4+dfsg1-1ubuntu18.04.2 | 2017.7.4+dfsg1-1ubuntu18.04.2 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm2 | 0.17.5+ds-1ubuntu0.1~esm2 |
| saltstack | salt | >= 3000 < 3000.2 | 3000.2 |
| saltstack | salt | >= 3000 < 3000.2 | 3000.2 |
| vmware | application_remote_collector | — | — |
| vmware | application_remote_collector | — | — |
Detection & IOCs (extracted from sources)
- Post-exploitation activity observed in the wild included cryptocurrency mining attempts, evidenced by CPU usage spikes. Monitor salt-master hosts for unexpected CPU spikes and cryptominer process execution.
- The Coinminer.Linux.MALXMR.SMDSL64 malware family was observed exploiting CVE-2020-11652 (SaltStack Directory Traversal). Hunt for this malware family on Linux systems running SaltStack.
- Check Point IPS signature 'Saltstack Salt Authentication Bypass (CVE-2020-11651)' also covers the attack chain that enables CVE-2020-11652 exploitation. Ensure IPS rules covering both CVEs are deployed on network perimeters protecting Salt masters.
- All Salt versions prior to 2019.2.4 and 3000.2 are vulnerable. Patched versions 2019.2.4 and 3000.2 were released on April 29, 2020. Verify Salt version on all masters and minions.
- The vulnerability is exploitable by a remote, unauthenticated attacker — no credentials are required to trigger the directory traversal via the wheel module's get_token() method.
- Multiple public proof-of-concept exploit scripts were published to GitHub shortly after disclosure. Assume reliable exploitation capability is widely available.
CVSS provenance
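| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 6.5 | MEDIUM | — |
| cisa | — | 6.5 | MEDIUM | — |
| vendor_cisco | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |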
OSV
salt vulnerabilities
osv·2024-06-25·CVSS 9.8
CVE-2020-11651 [CRITICAL] salt vulnerabilities
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authentication. (CVE-2020-11651, CVE-2020-11652)
GHSA
SaltStack Salt is vulnerable Arbitrary Directory Access
ghsa·2022-05-24
CVE-2020-11652 [HIGH] CWE-20 SaltStack Salt is vulnerable Arbitrary Directory Access
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
OSV
SaltStack Salt is vulnerable Arbitrary Directory Access
osv·2022-05-24
CVE-2020-11652 [HIGH] SaltStack Salt is vulnerable Arbitrary Directory Access
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
OSV
salt vulnerabilities
osv·2020-08-13·CVSS 5.3
CVE-2018-15750 [MEDIUM] salt vulnerabilities
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authenticat
OSV
CVE-2020-11652: An issue was discovered in SaltStack Salt before 2019
osv·2020-04-30
CVE-2020-11652 CVE-2020-11652: An issue was discovered in SaltStack Salt before 2019
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
VulnCheck
SaltStack Salt Path Traversal Vulnerability
vulncheck·2020·CVSS 6.5
CVE-2020-11652 [MEDIUM] CWE-22 SaltStack Salt Path Traversal Vulnerability
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Affected: SaltStack Salt
Required Action: Apply updates per vendor instructions.
Exploitation References: https://redcanary.com/blog/kinsing-malware-citrix-saltstack/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf; https://bi.zone/upload/for_download/Threat_Zone_2025_BI.ZONE_Research_rus.pdf
Exploit PoC: https:
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2024-06-25·CVSS 9.8
CVE-2020-11652 [CRITICAL] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authentication. (CVE-2020-11651, CVE-2020-11652)
Instructions: After a standard system update you need to restart Salt to make all the
necessary changes.
CISA
SaltStack Salt Path Traversal Vulnerability
cisa·2021-11-03·CVSS 6.5
CVE-2020-11652 [MEDIUM] CWE-22 SaltStack Salt Path Traversal Vulnerability
Vulnerability: SaltStack Salt Path Traversal Vulnerability
Affected: SaltStack Salt
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-11652
Remediation Due Date: 2022-05-03
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2020-08-13·CVSS 5.3
CVE-2018-15750 [MEDIUM] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possi
Cisco
SaltStack FrameWork Vulnerabilities Affecting Cisco Products
vendor_cisco·2020-05-28·CVSS 9.8
CVE-2020-11651 [CRITICAL] CWE-20 SaltStack FrameWork Vulnerabilities Affecting Cisco Products
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:
CVE-2020-11651: Authentication Bypass Vulnerability
CVE-2020-11652: Directory Traversal Vulnerability
Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.
Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa
VMware
vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
vendor_vmware·2020-05-08·CVSS 9.8
CVE-2020-11651 [CRITICAL] vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
VMSA-2020-0009: vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
The Application Remote Collector (ARC) introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and CVE-2020-11652. VMware has evaluated CVE-2020-11651 (Authentication Bypass) to be in the Critical severity range with a maximum CVSSv3 base score of 10.0 and CVE-2020-11652 (Directory Traversal) to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
CVEs: CVE-2020-11651, CVE-2020-11652
Affected products: VMware Aria
Red Hat
salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths
vendor_redhat·2020-04-29·CVSS 6.5
CVE-2020-11652 [MEDIUM] CWE-20 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
A flaw was found in salt. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Statement: Red Hat Ceph Storage 2 shipped salt for the usage of Red Hat Storage Console 2(RHSCON-2), which required salt to administrate ceph nodes. RHSCON-2 has reached End Of Life, hence salt is no longer used and supported. Therefore,
Cisco
SaltStack FrameWork Vulnerabilities Affecting Cisco Products
vendor_cisco·CVSS 3.1
CVE-2020-11652 SaltStack FrameWork Vulnerabilities Affecting Cisco Products
CVE-2020-11652: SaltStack FrameWork Vulnerabilities Affecting Cisco Products
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651: Authentication Bypass Vulnerability CVE-2020-11652: Directory Traversal Vulnerability Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities. Cisco has released software updates that address these vulnerabilities. There are
CVSS: 3.1
CWE: CWE-20, CWE-20
Bug IDs: CSCvu33581, CSCvu43116
Cisco
SaltStack FrameWork Vulnerabilities Affecting Cisco Products
vendor_cisco·CVSS 3.1
CVE-2020-11651 SaltStack FrameWork Vulnerabilities Affecting Cisco Products
CVE-2020-11651: SaltStack FrameWork Vulnerabilities Affecting Cisco Products
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651: Authentication Bypass Vulnerability CVE-2020-11652: Directory Traversal Vulnerability Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities. Cisco has released software updates that address these vulnerabilities. There are
CVSS: 3.1
CWE: CWE-20, CWE-20
Bug IDs: CSCvu33581, CSCvu43116
No detection rules found.
Exploit-DB
Saltstack 3000.1 - Remote Code Execution
exploitdb·2020-05-05·CVSS 9.8
CVE-2020-11652 [CRITICAL] Saltstack 3000.1 - Remote Code Execution
---
# Exploit Title: Saltstack 3000.1 - Remote Code Execution
# Date: 2020-05-04
# Exploit Author: Jasper Lievisse Adriaanse
# Vendor Homepage: https://www.saltstack.com/
# Version: < 3000.2, < 2019.2.4, 2017.*, 2018.*
# Tested on: Debian 10 with Salt 2019.2.0
# CVE : CVE-2020-11651 and CVE-2020-11652
# Discription: Saltstack authentication bypass/remote code execution
#
# Source: https://github.com/jasperla/CVE-2020-11651-poc
# This exploit is based on this checker script:
# https://github.com/rossengeorgiev/salt-security-backports
#!/usr/bin/env python
#
# Exploit for CVE-2020-11651 and CVE-2020-11652
# Written by Jasper Lievisse Adriaanse (https://github.com/jasperla/CVE-2020-11651-poc)
# This exploit is based on this checker script:
# https:/
Metasploit
SaltStack Salt Master/Minion Unauthenticated RCE
metasploit
This module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0, as well as Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE), for versions 1.2, 1.3, 1.5, and 1.6 in certain configurations, are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.
Metasploit
SaltStack Salt Master Server Root Key Disclosure
metasploit
This module exploits unauthenticated access to the _prep_auth_info() method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0, as well as Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE), for versions 1.2, 1.3, 1.5, and 1.6 in certain configurations, are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.
Trendmicro
Threats and Protection for Linux Environments, Part 2
blogs_trendmicro·2021-02-03
Cyber threats
## Threats and Protection for Linux Environments, Part 2
Cybercriminals are focusing their attention and resources on Linux target environments and their respective weak points. What are the biggest risks for these platforms?
By: Magno Logan, Feb 03, 2021
Original article by Magno Logan, Pawan Kinger
Like any other software, Linux is not free of security-relevant threats and risks. But since Linux is now predominant as one of the most powerful operating systems on cloud platforms and servers worldwide, the risks arising from these threats carry a different weight than they did years ago. The first part of this article covered the problems with vulnerabilities, misconfigurations and
Talos
Quarterly Report: Incident Response trends from Fall 2020
blogs_talos·2020-12-09
By David Liebenberg and Caitlin Huey.
For the sixth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the ransomware Ryuk (though there were engagements that were kicked off this quarter involving Ryuk, but have yet to close). The top ransomware families observed were Maze and Sodinokibi, though barely more than any others, continuing a trend of “democratization” for ransomware families observed in last quarter’s report, in which no one family was dominant. With Maze adversaries’ recent announcement of retirement, the possibility remains that more ransomware groups will step up to fill the void, accelerating this tren
Tenable
CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
blogs_tenable·2020-11-04·CVSS 9.8
[CRITICAL] CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
Trendmicro
Infrastructure as Code: The Security Risks
blogs_trendmicro·2020-07-21
Cyber threats
## Infrastructure as Code: The Security Risks
Ever-increasing demands on IT infrastructures and the rise of CI/CD pipelines have increased the need for consistent and scalable automation. Infrastructure as code is a good fit here.
By: David Fiser, Jul 21, 2020
Original post by David Fiser (Cyber Threat Researcher)
Ever-increasing demands on IT infrastructures and the rise of Continuous Integration and Continuous Deployment (CI/CD) pipelines have increased the need for consistent and scalable automation. Infrastructure as code (IaC) is a good fit here. IaC provides the provisioning, configuration and management of infrastructure through formatted, machine-readable files. Instead of
Checkpoint
1st June – Threat Intelligence Bulletin
blogs_checkpoint·2020-06-01·CVSS 9.8
CVE-2019-10149 [CRITICAL] 1st June – Threat Intelligence Bulletin
## 1st June – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 1st June 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The US NSA has warned that Russia’s Sandworm APT group, an arm of Russian military intelligence, has been exploiting a vulnerability in the Exim mail traffic agent since August of last year, giving it remote code execution abilities. Sandworm is believed to have been responsible for the Ukraine grid disruptions in 2015.
C
Tenable
CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild
blogs_tenable·2020-05-03·CVSS 9.8
[CRITICAL] CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild
Bugzilla
CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths [epel-all]
bugzilla·2020-05-06·CVSS 6.5
CVE-2020-11652 [MEDIUM] CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NO
Bugzilla
CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths
bugzilla·2020-05-06·CVSS 6.5
CVE-2020-11652 [MEDIUM] CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
References:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
Discussion:
Created salt tracking bugs for this issue:
Affects: epel-all [bug 1832423]
Affects: fedora-all [bug 1832422]
---
Upstream patch: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
---
Statement:
Red Hat Ceph St
Bugzilla
CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths [fedora-all]
bugzilla·2020-05-06·CVSS 6.5
CVE-2020-11652 [MEDIUM] CVE-2020-11652 salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
- http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
- http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
- http://www.vmware.com/security/advisories/VMSA-2020-0009.html
- https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
- https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
- https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
- https://usn.ubuntu.com/4459-1/
- https://www.debian.org/security/2020/dsa-4676
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652
Published: 2020-04-30
Added to CISA KEV: 2021-11-03
Exploited in the wild