VDB

CVE-2020-11652

CVE-2020-11652 PUBLISHED KEV

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

EPSS 93.68% · 99.9th percentile

Risk Scores

EPSS Score
93.68%
99.9th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSsalt2016.11.5+ds-1, 2016.11.8+dfsg1-1, 2017.7.2+dfsg1-2ubuntu1
Ubuntu:16.04:LTSsalt0, 2015.5.3+ds-1, 2015.8.1+ds-2
Ubuntu:Pro:14.04:LTSsalt0.16.0-1, 0.16.4-2, 0.17.2-1

Exploit Intelligence

…and 221 more exploits

Timeline

  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 20, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Apr 30, 2020 CVE Published
  • May 3, 2020 PoC Published
  • May 4, 2020 PoC Published
  • May 7, 2020 PoC Published
  • May 12, 2020 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›