VDB

GSD-2020-11652

GSD-2020-11652 PUBLISHED CVSS 6.5 MEDIUM

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
n/an/an/a

Timeline

  • Apr 29, 2020 CVE Published
  • May 3, 2020 PoC Published
  • May 12, 2020 PoC Published
  • May 14, 2020 PoC Published
  • Nov 8, 2021 PoC Published
  • Nov 20, 2021 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Jan 24, 2026 PoC Published
  • Feb 2, 2026 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›