CNVD-2020-26253
PUBLISHED
CVSS 6.5 MEDIUM
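SaltStack is a configuration management tool with a client/server architecture, developed in Python. SaltStack has a directory traversal vulnerability: by sending a crafted request, an attacker can read arbitrary files on the server.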
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652 (circl)
- http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html (circl)
- 20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products (circl)
- http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html (circl)
- DSA-4676 (circl)
- http://www.vmware.com/security/advisories/VMSA-2020-0009.html (circl)
- https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html (circl)
- https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst (circl)
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update (circl)
- http://support.blackberry.com/kb/articleDetail?articleNumber=000063758 (circl)
…and 15 more exploits
Timeline
- Apr 29, 2020 CVE Published
- May 3, 2020 PoC Published
- May 12, 2020 PoC Published
- May 14, 2020 PoC Published
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Dec 24, 2024 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Jan 24, 2026 PoC Published
- Feb 2, 2026 PoC Published
References
- https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html url
- https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst url
- openSUSE-SU-2020:0564 vendor-advisory
- http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html url
- DSA-4676 vendor-advisory
- http://www.vmware.com/security/advisories/VMSA-2020-0009.html url
- http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html url
- 20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products vendor-advisory
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update mailing-list
- http://support.blackberry.com/kb/articleDetail?articleNumber=000063758 url
- openSUSE-SU-2020:1074 vendor-advisory
- USN-4459-1 vendor-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652 url