VDB
GSD-2020-11652
GSD-2020-11652
PUBLISHED
CVSS 6.5 MEDIUM
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 29, 2020 CVE Published
- May 3, 2020 PoC Published
- May 12, 2020 PoC Published
- May 14, 2020 PoC Published
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Dec 24, 2024 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Jan 24, 2026 PoC Published
- Feb 2, 2026 PoC Published
References
- https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html url
- https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst url
- openSUSE-SU-2020:0564 vendor-advisory
- http://www.vmware.com/security/advisories/VMSA-2020-0009.html url
- 20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products vendor-advisory
- http://support.blackberry.com/kb/articleDetail?articleNumber=000063758 url
- openSUSE-SU-2020:1074 vendor-advisory
- http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html exploit
- DSA-4676 advisory
- http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html exploit
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update advisory
- USN-4459-1 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652 advisory