Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-11651

Опубликовано: 30 апр. 2020
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5
CVSS3: 9.8

Описание

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

РелизСтатусПримечание
bionic

released

2017.7.4+dfsg1-1ubuntu18.04.2
devel

DNE

eoan

ignored

end of life
esm-apps/bionic

released

2017.7.4+dfsg1-1ubuntu18.04.2
esm-apps/jammy

not-affected

3001+dfsg1-1
esm-apps/xenial

released

2015.8.8+ds-1ubuntu0.1
esm-infra-legacy/trusty

released

0.17.5+ds-1ubuntu0.1~esm2
esm-infra/focal

DNE

focal

DNE

jammy

not-affected

3001+dfsg1-1

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-11651

CVSS3: 9.8
redhat
почти 6 лет назад

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

nvd логотип

CVE-2020-11651

CVSS3: 9.8
nvd
почти 6 лет назад

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

debian логотип

CVE-2020-11651

CVSS3: 9.8
debian
почти 6 лет назад

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...

github логотип

GHSA-pjhf-vpx3-33r3

CVSS3: 9.8
github
больше 3 лет назад

SaltStack Salt Unauthenticated Remote Code Execution

fstec логотип

BDU:2020-03941

CVSS3: 9.8
fstec
почти 6 лет назад

Уязвимость компонента master.py системы управления конфигурациями и удалённого выполнения операций SaltStack, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

7.5 High

CVSS2

9.8 Critical

CVSS3