Description
SaltStack Salt allows creating certificates with weak file permissions
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-17490
- https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-105.yaml
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L13
- https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
- https://security.gentoo.org/glsa/202011-13
- https://www.debian.org/security/2021/dsa-4837
- https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
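Packages
- salt: affected < 2015.8.13; fixed in 2015.8.13
- salt: affected >= 2016.3.0, < 2016.3.8; fixed in 2016.3.8
- salt: affected >= 2016.11.0, < 2016.11.10; fixed in 2016.11.10
- salt: affected >= 2017.5.0, < 2017.7.8; fixed in 2017.7.8
- salt: affected >= 2018.2.0, < 2018.3.5; fixed in 2018.3.5
- salt: affected >= 2019.2.0, < 2019.2.6; fixed in 2019.2.6
- salt: affected >= 3000, < 3000.4; fixed in 3000.4
- salt: affected >= 3001, < 3001.2; fixed in 3001.2
- salt: affected >= 3002, < 3002.1; fixed in 3002.1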
Related vulnerabilities
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
A vulnerability in the TLS module of the Salt configuration management and remote execution system, caused by incorrect permission assignment for a critical resource, that allows an attacker to gain access to confidential data