Vulnerability-Lookup

CVE-2020-16846 (GCVE-0-2020-16846)

Vulnerability from cvelistv5 – Published: 2020-11-06 07:27 – Updated: 2025-10-21 23:35

CISA KEV

Summary

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

14 references

URL	Tags
https://github.com/saltstack/salt/releases	x_refsource_MISC
https://www.saltstack.com/blog/on-november-3-2020…	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202011-13	vendor-advisoryx_refsource_GENTOO
http://packetstormsecurity.com/files/160039/SaltS…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4837	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: f9979b12-2398-49a7-ad74-192df58c4139

Vulnerability ID: CVE-2020-16846

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEV entry: SaltStack Salt Shell Injection Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16846

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-78
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Salt
Due Date	2022-05-03
Date Added	2021-11-03
Vendorproject	SaltStack
Vulnerabilityname	SaltStack Salt Shell Injection Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2020-16846

Created: 2026-02-02 12:29 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:45:33.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saltstack/salt/releases"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
          },
          {
            "name": "FEDORA-2020-9e040bd6dd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
          },
          {
            "name": "openSUSE-SU-2020:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
          },
          {
            "name": "GLSA-202011-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202011-13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
          },
          {
            "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
          },
          {
            "name": "DSA-4837",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4837"
          },
          {
            "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-16846",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:49:59.119196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:33.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2020-16846 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-03T21:06:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saltstack/salt/releases"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
        },
        {
          "name": "FEDORA-2020-9e040bd6dd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
        },
        {
          "name": "openSUSE-SU-2020:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
        },
        {
          "name": "GLSA-202011-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202011-13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
        },
        {
          "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
        },
        {
          "name": "DSA-4837",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4837"
        },
        {
          "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-16846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/saltstack/salt/releases",
              "refsource": "MISC",
              "url": "https://github.com/saltstack/salt/releases"
            },
            {
              "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
              "refsource": "CONFIRM",
              "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
            },
            {
              "name": "FEDORA-2020-9e040bd6dd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
            },
            {
              "name": "openSUSE-SU-2020:1868",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
            },
            {
              "name": "GLSA-202011-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202011-13"
            },
            {
              "name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
            },
            {
              "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
            },
            {
              "name": "DSA-4837",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4837"
            },
            {
              "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-16846",
    "datePublished": "2020-11-06T07:27:24.000Z",
    "dateReserved": "2020-08-04T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:33.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-16846",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846",
      "product": "Salt",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.",
      "vendorProject": "SaltStack",
      "vulnerabilityName": "SaltStack Salt Shell Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2020-16846",
      "date": "2026-05-25",
      "epss": "0.94387",
      "percentile": "0.99971"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-05-03",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "SaltStack Salt Shell Injection Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2015.8.10\", \"matchCriteriaId\": \"0F9405E3-F2B0-41BA-A39D-61BB38475A59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2015.8.11\", \"versionEndExcluding\": \"2015.8.13\", \"matchCriteriaId\": \"A35C23D3-82D4-46E7-BF08-9229C04C0C3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.3.0\", \"versionEndExcluding\": \"2016.3.4\", \"matchCriteriaId\": \"B4741BD5-4C40-48BC-A2C1-E6AB33818201\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.3.5\", \"versionEndExcluding\": \"2016.3.6\", \"matchCriteriaId\": \"7D28A2B5-316A-45DC-AC85-A0F743C4B3C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.3.7\", \"versionEndExcluding\": \"2016.3.8\", \"matchCriteriaId\": \"17C96153-85C1-45DC-A48B-46A3900246E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.11.0\", \"versionEndExcluding\": \"2016.11.3\", \"matchCriteriaId\": \"B0A54497-D7E2-4A2C-9719-4D992B296498\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.11.4\", \"versionEndExcluding\": \"2016.11.6\", \"matchCriteriaId\": \"920C57AF-6E88-465A-83FA-AB947D4C6F0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2016.11.7\", \"versionEndExcluding\": \"2016.11.10\", \"matchCriteriaId\": \"11D84847-0C8A-473A-9186-46FABD7BB59A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2017.5.0\", \"versionEndExcluding\": \"2017.7.4\", \"matchCriteriaId\": \"C45ACC11-CA9B-4451-B6DD-BD784349CDE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2017.7.5\", \"versionEndExcluding\": \"2017.7.8\", \"matchCriteriaId\": \"BD998745-FA62-4894-A4FC-767F0DE131B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2018.2.0\", \"versionEndExcluding\": \"2018.3.5\", \"matchCriteriaId\": \"9747884A-8B29-42C9-BF5E-5B6D883A78E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2019.2.0\", \"versionEndExcluding\": \"2019.2.5\", \"matchCriteriaId\": \"F7A2912C-7F48-465D-B7F2-93ECD0D0CB74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3000.0\", \"versionEndExcluding\": \"3000.3\", \"matchCriteriaId\": \"D64191C4-C3D3-4615-B7D5-26ADA8BD7C7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74CAD70E-E77C-4010-B224-CEE3968CB6A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5D7215A-820E-446C-844C-DC4C61BD1884\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en SaltStack Salt versiones hasta 3002. El env\\u00edo de peticiones web dise\\u00f1adas a la Salt API, con el cliente SSH habilitado, puede resultar en una inyecci\\u00f3n shell\"}]",
      "id": "CVE-2020-16846",
      "lastModified": "2024-11-21T05:07:15.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-11-06T08:15:13.283",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/saltstack/salt/releases\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202011-13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4837\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/saltstack/salt/releases\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202011-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-16846\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-06T08:15:13.283\",\"lastModified\":\"2025-11-07T19:32:05.420\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en SaltStack Salt versiones hasta 3002. El env\u00edo de peticiones web dise\u00f1adas a la Salt API, con el cliente SSH habilitado, puede resultar en una inyecci\u00f3n shell\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"SaltStack Salt Shell Injection Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2015.8.10\",\"matchCriteriaId\":\"0F9405E3-F2B0-41BA-A39D-61BB38475A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2015.8.11\",\"versionEndExcluding\":\"2015.8.13\",\"matchCriteriaId\":\"A35C23D3-82D4-46E7-BF08-9229C04C0C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.3.0\",\"versionEndExcluding\":\"2016.3.4\",\"matchCriteriaId\":\"B4741BD5-4C40-48BC-A2C1-E6AB33818201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.3.5\",\"versionEndExcluding\":\"2016.3.6\",\"matchCriteriaId\":\"7D28A2B5-316A-45DC-AC85-A0F743C4B3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.3.7\",\"versionEndExcluding\":\"2016.3.8\",\"matchCriteriaId\":\"17C96153-85C1-45DC-A48B-46A3900246E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.11.0\",\"versionEndExcluding\":\"2016.11.3\",\"matchCriteriaId\":\"B0A54497-D7E2-4A2C-9719-4D992B296498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.11.4\",\"versionEndExcluding\":\"2016.11.6\",\"matchCriteriaId\":\"920C57AF-6E88-465A-83FA-AB947D4C6F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.11.7\",\"versionEndExcluding\":\"2016.11.10\",\"matchCriteriaId\":\"11D84847-0C8A-473A-9186-46FABD7BB59A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.5.0\",\"versionEndExcluding\":\"2017.7.4\",\"matchCriteriaId\":\"C45ACC11-CA9B-4451-B6DD-BD784349CDE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.7.5\",\"versionEndExcluding\":\"2017.7.8\",\"matchCriteriaId\":\"BD998745-FA62-4894-A4FC-767F0DE131B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2018.2.0\",\"versionEndExcluding\":\"2018.3.5\",\"matchCriteriaId\":\"9747884A-8B29-42C9-BF5E-5B6D883A78E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019.2.0\",\"versionEndExcluding\":\"2019.2.5\",\"matchCriteriaId\":\"F7A2912C-7F48-465D-B7F2-93ECD0D0CB74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3000.0\",\"versionEndExcluding\":\"3000.3\",\"matchCriteriaId\":\"D64191C4-C3D3-4615-B7D5-26ADA8BD7C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CAD70E-E77C-4010-B224-CEE3968CB6A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D7215A-820E-446C-844C-DC4C61BD1884\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/saltstack/salt/releases\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202011-13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4837\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/saltstack/salt/releases\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202011-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/saltstack/salt/releases\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\", \"name\": \"FEDORA-2020-9e040bd6dd\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\", \"name\": \"openSUSE-SU-2020:1868\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202011-13\", \"name\": \"GLSA-202011-13\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\", \"name\": \"[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4837\", \"name\": \"DSA-4837\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\", \"name\": \"[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T13:45:33.237Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-16846\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:49:59.119196Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2020-16846 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:50:03.280Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/saltstack/salt/releases\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\", \"name\": \"FEDORA-2020-9e040bd6dd\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\", \"name\": \"openSUSE-SU-2020:1868\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://security.gentoo.org/glsa/202011-13\", \"name\": \"GLSA-202011-13\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\", \"name\": \"[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4837\", \"name\": \"DSA-4837\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\", \"name\": \"[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-01-03T21:06:05.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/saltstack/salt/releases\", \"name\": \"https://github.com/saltstack/salt/releases\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"name\": \"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\", \"name\": \"FEDORA-2020-9e040bd6dd\", \"refsource\": \"FEDORA\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\", \"name\": \"openSUSE-SU-2020:1868\", \"refsource\": \"SUSE\"}, {\"url\": \"https://security.gentoo.org/glsa/202011-13\", \"name\": \"GLSA-202011-13\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1381/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1383/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1380/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1379/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-1382/\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html\", \"name\": \"[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4837\", \"name\": \"DSA-4837\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html\", \"name\": \"[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update\", \"refsource\": \"MLIST\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-16846\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-16846\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:33.124Z\", \"dateReserved\": \"2020-08-04T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-11-06T07:27:24.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-712

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SaltStack. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	SaltStack 3001.x sans le dernier package de sécurité
N/A	N/A	SaltStack 3000.x sans le dernier package de sécurité
N/A	N/A	SaltStack 2019.x sans le dernier package de sécurité
N/A	N/A	SaltStack 2016.11.3, 2016.11.6, 2016.11.10 sans le dernier patch
N/A	N/A	SaltStack 2015.8.10, 2015.8.13 sans le dernier patch
N/A	N/A	SaltStack 2018.3.5 sans le dernier patch
N/A	N/A	SaltStack 2017.7.4, 2017.7.8 sans le dernier patch
N/A	N/A	SaltStack 2016.3.4, 2016.3.6, 2016.3.8 sans le dernier patch
N/A	N/A	SaltStack 3002.x sans le dernier package de sécurité

References

Title

Publication Time

CERTFR-2020-AVI-712

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	SaltStack 3001.x sans le dernier package de sécurité
N/A	N/A	SaltStack 3000.x sans le dernier package de sécurité
N/A	N/A	SaltStack 2019.x sans le dernier package de sécurité
N/A	N/A	SaltStack 2016.11.3, 2016.11.6, 2016.11.10 sans le dernier patch
N/A	N/A	SaltStack 2015.8.10, 2015.8.13 sans le dernier patch
N/A	N/A	SaltStack 2018.3.5 sans le dernier patch
N/A	N/A	SaltStack 2017.7.4, 2017.7.8 sans le dernier patch
N/A	N/A	SaltStack 2016.3.4, 2016.3.6, 2016.3.8 sans le dernier patch
N/A	N/A	SaltStack 3002.x sans le dernier package de sécurité

References

Title

Publication Time

BDU:2021-01903

Vulnerability from fstec - Published: 02.11.2020

Title

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt связана с отсутствием мер по нейтрализации специальных элементов. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, Novell Inc., Fedora Project, Red Hat Inc., SaltStack, Inc, АО «ИВК», АО "НППКТ"

Software Name

Debian GNU/Linux, OpenSUSE Leap, Fedora, Red Hat Ceph Storage, Salt, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 31 (Fedora), 2 (Red Hat Ceph Storage), до 3002 (Salt), - (Альт 8 СП), до 2.5 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Salt: Обновление программного обеспечения до 3002.5+dfsg1-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета salt) до 2016.11.2+ds-1+deb9u6 или более поздней версии Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2020-16846 Для ОСОН ОСнова Оnyx:Обновление программного обеспечения salt до версии 2018.3.4+dfsg1-6+deb10u3 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://access.redhat.com/security/cve/CVE-2020-16846 https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/ https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html https://nvd.nist.gov/vuln/detail/CVE-2020-16846 https://security-tracker.debian.org/tracker/CVE-2020-16846 https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://altsp.su/obnovleniya-bezopasnosti/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Fedora Project, Red Hat Inc., SaltStack, Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 31 (Fedora), 2 (Red Hat Ceph Storage), \u0434\u043e 3002 (Salt), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Salt:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 3002.5+dfsg1-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 salt) \u0434\u043e 2016.11.2+ds-1+deb9u6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-16846\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f salt \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2018.3.4+dfsg1-6+deb10u3\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.04.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01903",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-16846",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenSUSE Leap, Fedora, Red Hat Ceph Storage, Salt, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 Salt, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 Salt \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2020-16846\nhttps://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/\nhttps://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-16846\nhttps://security-tracker.debian.org/tracker/CVE-2020-16846\nhttps://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2020-64308

Vulnerability from cnvd - Published: 2020-11-19

Title

SaltStack API授权问题漏洞

Description

SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt中的API存在操作系统命令注入漏洞，攻击者可利用该漏洞绕过限制，以提升其特权。

Severity

高

Patch Name

SaltStack API授权问题漏洞的补丁

Patch Description

SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt中的API存在操作系统命令注入漏洞，攻击者可利用该漏洞绕过限制，以提升其特权。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://gitlab.com/saltstack/open/salt-patches

Reference

https://vigilance.fr/vulnerability/Salt-privilege-escalation-via-API-33807

Impacted products

Name
SaltStack Salt

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-16846",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846"
    }
  },
  "description": "SaltStack Salt\u662fSaltStack\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8e\u7ba1\u7406\u57fa\u7840\u67b6\u6784\u7684\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u914d\u7f6e\u7ba1\u7406\u3001\u8fdc\u7a0b\u6267\u884c\u7b49\u529f\u80fd\u3002\n\nSaltStack Salt\u4e2d\u7684API\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u9650\u5236\uff0c\u4ee5\u63d0\u5347\u5176\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://gitlab.com/saltstack/open/salt-patches",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-64308",
  "openTime": "2020-11-19",
  "patchDescription": "SaltStack Salt\u662fSaltStack\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8e\u7ba1\u7406\u57fa\u7840\u67b6\u6784\u7684\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u914d\u7f6e\u7ba1\u7406\u3001\u8fdc\u7a0b\u6267\u884c\u7b49\u529f\u80fd\u3002\r\n\r\nSaltStack Salt\u4e2d\u7684API\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u9650\u5236\uff0c\u4ee5\u63d0\u5347\u5176\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SaltStack API\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SaltStack Salt"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Salt-privilege-escalation-via-API-33807",
  "serverity": "\u9ad8",
  "submitTime": "2020-11-09",
  "title": "SaltStack API\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2020-16846

Vulnerability from fkie_nvd - Published: 2020-11-06 08:15 - Updated: 2025-11-07 19:32

CISA KEV

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html	Mailing List, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/saltstack/salt/releases	Release Notes
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/	Release Notes
cve@mitre.org	https://security.gentoo.org/glsa/202011-13	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4837	Mailing List, Third Party Advisory
cve@mitre.org	https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/	Broken Link, Vendor Advisory
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-20-1379/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-20-1380/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-20-1381/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-20-1382/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-20-1383/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/saltstack/salt/releases	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202011-13	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4837	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-1379/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-1380/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-1381/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-1382/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-1383/	Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846	US Government Resource

Impacted products

Vendor	Product	Version
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	3001
saltstack	salt	3002
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	31
opensuse	leap	15.1

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "SaltStack Salt Shell Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9405E3-F2B0-41BA-A39D-61BB38475A59",
              "versionEndExcluding": "2015.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35C23D3-82D4-46E7-BF08-9229C04C0C3D",
              "versionEndExcluding": "2015.8.13",
              "versionStartIncluding": "2015.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4741BD5-4C40-48BC-A2C1-E6AB33818201",
              "versionEndExcluding": "2016.3.4",
              "versionStartIncluding": "2016.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D28A2B5-316A-45DC-AC85-A0F743C4B3C4",
              "versionEndExcluding": "2016.3.6",
              "versionStartIncluding": "2016.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C96153-85C1-45DC-A48B-46A3900246E2",
              "versionEndExcluding": "2016.3.8",
              "versionStartIncluding": "2016.3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A54497-D7E2-4A2C-9719-4D992B296498",
              "versionEndExcluding": "2016.11.3",
              "versionStartIncluding": "2016.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "920C57AF-6E88-465A-83FA-AB947D4C6F0B",
              "versionEndExcluding": "2016.11.6",
              "versionStartIncluding": "2016.11.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D84847-0C8A-473A-9186-46FABD7BB59A",
              "versionEndExcluding": "2016.11.10",
              "versionStartIncluding": "2016.11.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45ACC11-CA9B-4451-B6DD-BD784349CDE8",
              "versionEndExcluding": "2017.7.4",
              "versionStartIncluding": "2017.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD998745-FA62-4894-A4FC-767F0DE131B9",
              "versionEndExcluding": "2017.7.8",
              "versionStartIncluding": "2017.7.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9747884A-8B29-42C9-BF5E-5B6D883A78E3",
              "versionEndExcluding": "2018.3.5",
              "versionStartIncluding": "2018.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A2912C-7F48-465D-B7F2-93ECD0D0CB74",
              "versionEndExcluding": "2019.2.5",
              "versionStartIncluding": "2019.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64191C4-C3D3-4615-B7D5-26ADA8BD7C7B",
              "versionEndExcluding": "3000.3",
              "versionStartIncluding": "3000.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CAD70E-E77C-4010-B224-CEE3968CB6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D7215A-820E-446C-844C-DC4C61BD1884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en SaltStack Salt versiones hasta 3002. El env\u00edo de peticiones web dise\u00f1adas a la Salt API, con el cliente SSH habilitado, puede resultar en una inyecci\u00f3n shell"
    }
  ],
  "id": "CVE-2020-16846",
  "lastModified": "2025-11-07T19:32:05.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-11-06T08:15:13.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202011-13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4837"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202011-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-QR38-H96J-2J3W

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2025-10-22 17:55

Summary

SaltStack Salt Command Injection in netapi ssh client

Details

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.11.0"
            },
            {
              "fixed": "2016.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2017.5.0"
            },
            {
              "fixed": "2017.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2018.2.0"
            },
            {
              "fixed": "2018.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3000.0"
            },
            {
              "fixed": "3000.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-16846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T22:23:42Z",
    "nvd_published_at": "2020-11-06T08:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
  "id": "GHSA-qr38-h96j-2j3w",
  "modified": "2025-10-22T17:55:29Z",
  "published": "2022-05-24T17:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379"
    },
    {
      "type": "WEB",
      "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4837"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-13"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saltstack/salt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-104.yaml"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SaltStack Salt Command Injection in netapi ssh client"
}

GSD-2020-16846

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Aliases

CVE-2020-16846

Aliases

CVE-2020-16846

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-16846",
    "description": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
    "id": "GSD-2020-16846",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-16846.html",
      "https://www.debian.org/security/2021/dsa-4837",
      "https://security.archlinux.org/CVE-2020-16846",
      "https://packetstormsecurity.com/files/cve/CVE-2020-16846"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-16846"
      ],
      "details": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
      "id": "GSD-2020-16846",
      "modified": "2023-12-13T01:21:45.997194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2020-16846",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "Salt",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
      "vendorProject": "SaltStack",
      "vulnerabilityName": "SaltStack Through 3002 Shell Injection Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-16846",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/saltstack/salt/releases",
            "refsource": "MISC",
            "url": "https://github.com/saltstack/salt/releases"
          },
          {
            "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
            "refsource": "CONFIRM",
            "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
          },
          {
            "name": "FEDORA-2020-9e040bd6dd",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
          },
          {
            "name": "openSUSE-SU-2020:1868",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
          },
          {
            "name": "GLSA-202011-13",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202011-13"
          },
          {
            "name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
          },
          {
            "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
          },
          {
            "name": "DSA-4837",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4837"
          },
          {
            "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2015.8.13||\u003e=2016.3.0,\u003c2016.3.8||\u003e=2016.11.0,\u003c2016.11.10|| \u003e=2017.5.0,\u003c2017.7.8||\u003e=2018.2.0,\u003c2018.3.5||\u003e=2019.2.0,\u003c2019.2.5|| \u003e=3000.0,\u003c3000.3||==3001",
          "affected_versions": "All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.3.8, all versions starting from 2016.11.0 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 before 2018.3.5, all versions starting from 2019.2.0 before 2019.2.5, all versions starting from 3000.0 before 3000.3, version 3001",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-07-21",
          "description": "An issue was discovered in SaltStack Salt Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
          "fixed_versions": [
            "2015.8.13",
            "2016.3.8",
            "2016.11.10",
            "2017.7.8",
            "2018.3.5",
            "2019.2.5",
            "3000.3",
            "3001.1"
          ],
          "identifier": "CVE-2020-16846",
          "identifiers": [
            "CVE-2020-16846"
          ],
          "not_impacted": "All versions starting from 2015.8.13 before 2016.3.0, all versions starting from 2016.3.8 before 2016.11.0, all versions starting from 2016.11.10 before 2017.5.0, all versions starting from 2017.7.8 before 2018.2.0, all versions starting from 2018.3.5 before 2019.2.0, all versions starting from 2019.2.5 before 3000.0, all versions starting from 3000.3 before 3001, all versions after 3001",
          "package_slug": "pypi/salt",
          "pubdate": "2020-11-06",
          "solution": "Upgrade to versions 2015.8.13, 2016.3.8, 2016.11.10, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3, 3001.1 or above.",
          "title": "OS Command Injection",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-16846",
            "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
          ],
          "uuid": "da3b8aa1-41d7-47fc-a089-5655d7bbee95"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2015.8.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2015.8.13",
                "versionStartIncluding": "2015.8.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.3.4",
                "versionStartIncluding": "2016.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.3.6",
                "versionStartIncluding": "2016.3.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.3.8",
                "versionStartIncluding": "2016.3.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.11.3",
                "versionStartIncluding": "2016.11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.11.6",
                "versionStartIncluding": "2016.11.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2016.11.10",
                "versionStartIncluding": "2016.11.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2017.7.4",
                "versionStartIncluding": "2017.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2017.7.8",
                "versionStartIncluding": "2017.7.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2018.3.5",
                "versionStartIncluding": "2018.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.2.5",
                "versionStartIncluding": "2019.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3000.3",
                "versionStartIncluding": "3000.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-16846"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/saltstack/salt/releases",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/saltstack/salt/releases"
            },
            {
              "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
            },
            {
              "name": "FEDORA-2020-9e040bd6dd",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
            },
            {
              "name": "openSUSE-SU-2020:1868",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
            },
            {
              "name": "GLSA-202011-13",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202011-13"
            },
            {
              "name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
            },
            {
              "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
            },
            {
              "name": "DSA-4837",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4837"
            },
            {
              "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-02-22T10:09Z",
      "publishedDate": "2020-11-06T08:15Z"
    }
  }
}

OPENSUSE-SU-2020:1833-1

Vulnerability from csaf_opensuse - Published: 2020-11-05 13:34 - Updated: 2020-11-05 13:34

Summary

Security update for salt

Severity

Critical

Notes

Title of the patch: Security update for salt

Description of the patch: This update for salt fixes the following issues: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'. (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building for systemd OSes. - Drop wrong mock from chroot unit test. - Support systemd versions with dot. (bsc#1176294) - Fix for grains.test_core unit test. - Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024) - Several changes to virtualization: * Fix virt update when cpu and memory are changed. * Memory Tuning GSoC. * Properly fix memory setting regression in virt.update. * Expose libvirt on_reboot in virt states. - Support transactional systems (MicroOS). - zypperpkg module ignores retcode 104 for search(). (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987) - Invalidate file list cache when cache file modified time is in the future. (bsc#1176397) - Prevent import errors when running test_btrfs unit tests. This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2020-1833

CVE-2020-16846

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2020-17490

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25592

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch	—	Vendor Fix

Threats

Impact critical

References

22 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1159670	self
https://bugzilla.suse.com/1175987	self
https://bugzilla.suse.com/1176024	self
https://bugzilla.suse.com/1176294	self
https://bugzilla.suse.com/1176397	self
https://bugzilla.suse.com/1177867	self
https://bugzilla.suse.com/1178319	self
https://bugzilla.suse.com/1178361	self
https://bugzilla.suse.com/1178362	self
https://www.suse.com/security/cve/CVE-2020-16846/	self
https://www.suse.com/security/cve/CVE-2020-17490/	self
https://www.suse.com/security/cve/CVE-2020-25592/	self
https://www.suse.com/security/cve/CVE-2020-16846	external
https://bugzilla.suse.com/1178361	external
https://www.suse.com/security/cve/CVE-2020-17490	external
https://bugzilla.suse.com/1178362	external
https://www.suse.com/security/cve/CVE-2020-25592	external
https://bugzilla.suse.com/1178319	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for salt",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for salt fixes the following issues:\n\n- Properly validate eauth credentials and tokens on SSH calls made by Salt API \n  (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)\n- Fix disk.blkid to avoid unexpected keyword argument \u0027__pub_user\u0027. (bsc#1177867)\n- Ensure virt.update stop_on_reboot is updated with its default value.\n- Do not break package building for systemd OSes.\n- Drop wrong mock from chroot unit test.\n- Support systemd versions with dot. (bsc#1176294)\n- Fix for grains.test_core unit test.\n- Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024)\n- Several changes to virtualization:\n  * Fix virt update when cpu and memory are changed.\n  * Memory Tuning GSoC.\n  * Properly fix memory setting regression in virt.update.\n  * Expose libvirt on_reboot in virt states.\n- Support transactional systems (MicroOS).\n- zypperpkg module ignores retcode 104 for search(). (bsc#1159670)\n- Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding\n  file or block disk. (bsc#1175987)\n- Invalidate file list cache when cache file modified time is in the future. (bsc#1176397)\n- Prevent import errors when running test_btrfs unit tests.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1833",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1833-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1833-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2W22H3YLCTB3S3UBN7YRWYRBMUPL5V5B/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1833-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2W22H3YLCTB3S3UBN7YRWYRBMUPL5V5B/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1159670",
        "url": "https://bugzilla.suse.com/1159670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175987",
        "url": "https://bugzilla.suse.com/1175987"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176024",
        "url": "https://bugzilla.suse.com/1176024"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176294",
        "url": "https://bugzilla.suse.com/1176294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176397",
        "url": "https://bugzilla.suse.com/1176397"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177867",
        "url": "https://bugzilla.suse.com/1177867"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178319",
        "url": "https://bugzilla.suse.com/1178319"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178361",
        "url": "https://bugzilla.suse.com/1178361"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178362",
        "url": "https://bugzilla.suse.com/1178362"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16846 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-17490 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-17490/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25592 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25592/"
      }
    ],
    "title": "Security update for salt",
    "tracking": {
      "current_release_date": "2020-11-05T13:34:46Z",
      "generator": {
        "date": "2020-11-05T13:34:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1833-1",
      "initial_release_date": "2020-11-05T13:34:46Z",
      "revision_history": [
        {
          "date": "2020-11-05T13:34:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "salt-bash-completion-3000-lp152.3.15.1.noarch",
                "product": {
                  "name": "salt-bash-completion-3000-lp152.3.15.1.noarch",
                  "product_id": "salt-bash-completion-3000-lp152.3.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-fish-completion-3000-lp152.3.15.1.noarch",
                "product": {
                  "name": "salt-fish-completion-3000-lp152.3.15.1.noarch",
                  "product_id": "salt-fish-completion-3000-lp152.3.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-zsh-completion-3000-lp152.3.15.1.noarch",
                "product": {
                  "name": "salt-zsh-completion-3000-lp152.3.15.1.noarch",
                  "product_id": "salt-zsh-completion-3000-lp152.3.15.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-salt-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "python2-salt-3000-lp152.3.15.1.x86_64",
                  "product_id": "python2-salt-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-salt-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "python3-salt-3000-lp152.3.15.1.x86_64",
                  "product_id": "python3-salt-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-api-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-api-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-api-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-cloud-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-cloud-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-cloud-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-doc-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-doc-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-doc-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-master-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-master-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-master-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-minion-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-minion-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-minion-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-proxy-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-proxy-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-proxy-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-ssh-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-ssh-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-ssh-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-syndic-3000-lp152.3.15.1.x86_64",
                "product": {
                  "name": "salt-syndic-3000-lp152.3.15.1.x86_64",
                  "product_id": "salt-syndic-3000-lp152.3.15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-salt-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "python2-salt-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-salt-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "python3-salt-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-api-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-api-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-bash-completion-3000-lp152.3.15.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch"
        },
        "product_reference": "salt-bash-completion-3000-lp152.3.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-cloud-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-cloud-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-doc-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-doc-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-fish-completion-3000-lp152.3.15.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch"
        },
        "product_reference": "salt-fish-completion-3000-lp152.3.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-master-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-master-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-minion-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-minion-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-proxy-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-proxy-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-ssh-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-ssh-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-syndic-3000-lp152.3.15.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64"
        },
        "product_reference": "salt-syndic-3000-lp152.3.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-zsh-completion-3000-lp152.3.15.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
        },
        "product_reference": "salt-zsh-completion-3000-lp152.3.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-16846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16846",
          "url": "https://www.suse.com/security/cve/CVE-2020-16846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178361 for CVE-2020-16846",
          "url": "https://bugzilla.suse.com/1178361"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-05T13:34:46Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-16846"
    },
    {
      "cve": "CVE-2020-17490",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-17490"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-17490",
          "url": "https://www.suse.com/security/cve/CVE-2020-17490"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178362 for CVE-2020-17490",
          "url": "https://bugzilla.suse.com/1178362"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-05T13:34:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-17490"
    },
    {
      "cve": "CVE-2020-25592",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25592"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
          "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
          "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25592",
          "url": "https://www.suse.com/security/cve/CVE-2020-25592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178319 for CVE-2020-25592",
          "url": "https://bugzilla.suse.com/1178319"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:python3-salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-api-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-bash-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-cloud-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-doc-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-fish-completion-3000-lp152.3.15.1.noarch",
            "openSUSE Leap 15.2:salt-master-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-minion-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-proxy-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-ssh-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-standalone-formulas-configuration-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-syndic-3000-lp152.3.15.1.x86_64",
            "openSUSE Leap 15.2:salt-zsh-completion-3000-lp152.3.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-05T13:34:46Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-25592"
    }
  ]
}

OPENSUSE-SU-2020:1868-1

Vulnerability from csaf_opensuse - Published: 2020-11-07 09:55 - Updated: 2020-11-07 09:55

Summary

Security update for salt

Severity

Critical

Notes

Title of the patch: Security update for salt

Description of the patch: This update for salt fixes the following issues: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'. (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building for systemd OSes. - Drop wrong mock from chroot unit test. - Support systemd versions with dot. (bsc#1176294) - Fix for grains.test_core unit test. - Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024) - Several changes to virtualization: * Fix virt update when cpu and memory are changed. * Memory Tuning GSoC. * Properly fix memory setting regression in virt.update. * Expose libvirt on_reboot in virt states. - Support transactional systems (MicroOS). - zypperpkg module ignores retcode 104 for search(). (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987) - Invalidate file list cache when cache file modified time is in the future. (bsc#1176397) - Prevent import errors when running test_btrfs unit tests This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames: openSUSE-2020-1868

CVE-2020-16846

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2020-17490

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25592

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 15 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch	—	Vendor Fix

Threats

Impact critical

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1159670	self
https://bugzilla.suse.com/1175987	self
https://bugzilla.suse.com/1176024	self
https://bugzilla.suse.com/1176294	self
https://bugzilla.suse.com/1176397	self
https://bugzilla.suse.com/1177867	self
https://bugzilla.suse.com/1178319	self
https://bugzilla.suse.com/1178361	self
https://bugzilla.suse.com/1178362	self
https://bugzilla.suse.com/1178485	self
https://www.suse.com/security/cve/CVE-2020-16846/	self
https://www.suse.com/security/cve/CVE-2020-17490/	self
https://www.suse.com/security/cve/CVE-2020-25592/	self
https://www.suse.com/security/cve/CVE-2020-16846	external
https://bugzilla.suse.com/1178361	external
https://www.suse.com/security/cve/CVE-2020-17490	external
https://bugzilla.suse.com/1178362	external
https://www.suse.com/security/cve/CVE-2020-25592	external
https://bugzilla.suse.com/1178319	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for salt",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for salt fixes the following issues:\n\n- Avoid regression on \u0027salt-master\u0027: set passphrase for salt-ssh keys to empty string (bsc#1178485)\n- Properly validate eauth credentials and tokens on SSH calls made by Salt API \n  (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)\n- Fix disk.blkid to avoid unexpected keyword argument \u0027__pub_user\u0027. (bsc#1177867)\n- Ensure virt.update stop_on_reboot is updated with its default value.\n- Do not break package building for systemd OSes.\n- Drop wrong mock from chroot unit test.\n- Support systemd versions with dot. (bsc#1176294)\n- Fix for grains.test_core unit test.\n- Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024)\n- Several changes to virtualization:\n  * Fix virt update when cpu and memory are changed.\n  * Memory Tuning GSoC.\n  * Properly fix memory setting regression in virt.update.\n  * Expose libvirt on_reboot in virt states.\n- Support transactional systems (MicroOS).\n- zypperpkg module ignores retcode 104 for search(). (bsc#1159670)\n- Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987)\n- Invalidate file list cache when cache file modified time is in the future. (bsc#1176397)\n- Prevent import errors when running test_btrfs unit tests\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1868",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1868-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1868-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MB6DQ7QYY2NFKZFWBCHEOJR44RYJQMSN/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1868-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MB6DQ7QYY2NFKZFWBCHEOJR44RYJQMSN/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1159670",
        "url": "https://bugzilla.suse.com/1159670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175987",
        "url": "https://bugzilla.suse.com/1175987"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176024",
        "url": "https://bugzilla.suse.com/1176024"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176294",
        "url": "https://bugzilla.suse.com/1176294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176397",
        "url": "https://bugzilla.suse.com/1176397"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177867",
        "url": "https://bugzilla.suse.com/1177867"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178319",
        "url": "https://bugzilla.suse.com/1178319"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178361",
        "url": "https://bugzilla.suse.com/1178361"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178362",
        "url": "https://bugzilla.suse.com/1178362"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178485",
        "url": "https://bugzilla.suse.com/1178485"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16846 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-17490 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-17490/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25592 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25592/"
      }
    ],
    "title": "Security update for salt",
    "tracking": {
      "current_release_date": "2020-11-07T09:55:37Z",
      "generator": {
        "date": "2020-11-07T09:55:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1868-1",
      "initial_release_date": "2020-11-07T09:55:37Z",
      "revision_history": [
        {
          "date": "2020-11-07T09:55:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "salt-bash-completion-3000-lp151.5.30.1.noarch",
                "product": {
                  "name": "salt-bash-completion-3000-lp151.5.30.1.noarch",
                  "product_id": "salt-bash-completion-3000-lp151.5.30.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-fish-completion-3000-lp151.5.30.1.noarch",
                "product": {
                  "name": "salt-fish-completion-3000-lp151.5.30.1.noarch",
                  "product_id": "salt-fish-completion-3000-lp151.5.30.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-zsh-completion-3000-lp151.5.30.1.noarch",
                "product": {
                  "name": "salt-zsh-completion-3000-lp151.5.30.1.noarch",
                  "product_id": "salt-zsh-completion-3000-lp151.5.30.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-salt-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "python2-salt-3000-lp151.5.30.1.x86_64",
                  "product_id": "python2-salt-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-salt-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "python3-salt-3000-lp151.5.30.1.x86_64",
                  "product_id": "python3-salt-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-api-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-api-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-api-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-cloud-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-cloud-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-cloud-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-doc-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-doc-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-doc-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-master-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-master-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-master-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-minion-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-minion-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-minion-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-proxy-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-proxy-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-proxy-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-ssh-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-ssh-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-ssh-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "salt-syndic-3000-lp151.5.30.1.x86_64",
                "product": {
                  "name": "salt-syndic-3000-lp151.5.30.1.x86_64",
                  "product_id": "salt-syndic-3000-lp151.5.30.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-salt-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "python2-salt-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-salt-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "python3-salt-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-api-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-api-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-bash-completion-3000-lp151.5.30.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch"
        },
        "product_reference": "salt-bash-completion-3000-lp151.5.30.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-cloud-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-cloud-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-doc-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-doc-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-fish-completion-3000-lp151.5.30.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch"
        },
        "product_reference": "salt-fish-completion-3000-lp151.5.30.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-master-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-master-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-minion-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-minion-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-proxy-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-proxy-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-ssh-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-ssh-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-syndic-3000-lp151.5.30.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64"
        },
        "product_reference": "salt-syndic-3000-lp151.5.30.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-zsh-completion-3000-lp151.5.30.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
        },
        "product_reference": "salt-zsh-completion-3000-lp151.5.30.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-16846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16846",
          "url": "https://www.suse.com/security/cve/CVE-2020-16846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178361 for CVE-2020-16846",
          "url": "https://bugzilla.suse.com/1178361"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-07T09:55:37Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-16846"
    },
    {
      "cve": "CVE-2020-17490",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-17490"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-17490",
          "url": "https://www.suse.com/security/cve/CVE-2020-17490"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178362 for CVE-2020-17490",
          "url": "https://bugzilla.suse.com/1178362"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-07T09:55:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-17490"
    },
    {
      "cve": "CVE-2020-25592",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25592"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
          "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
          "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25592",
          "url": "https://www.suse.com/security/cve/CVE-2020-25592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178319 for CVE-2020-25592",
          "url": "https://bugzilla.suse.com/1178319"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python2-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:python3-salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-api-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-doc-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.30.1.noarch",
            "openSUSE Leap 15.1:salt-master-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-minion-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.30.1.x86_64",
            "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.30.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-07T09:55:37Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-25592"
    }
  ]
}

PYSEC-2020-104

Vulnerability from pysec - Published: 2020-11-06 08:15 - Updated: 2021-03-30 13:29

Details

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Impacted products

Name	purl
salt	pkg:pypi/salt

Aliases

CVE-2020-16846

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt",
        "purl": "pkg:pypi/salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.10"
            },
            {
              "introduced": "2015.8.11"
            },
            {
              "fixed": "2015.8.13"
            },
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.3.4"
            },
            {
              "introduced": "2016.3.5"
            },
            {
              "fixed": "2016.3.6"
            },
            {
              "introduced": "2016.3.7"
            },
            {
              "fixed": "2016.3.8"
            },
            {
              "introduced": "2016.11.0"
            },
            {
              "fixed": "2016.11.3"
            },
            {
              "introduced": "2016.11.4"
            },
            {
              "fixed": "2016.11.6"
            },
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            },
            {
              "introduced": "2017.7.0"
            },
            {
              "fixed": "2017.7.4"
            },
            {
              "introduced": "2017.7.5"
            },
            {
              "fixed": "2017.7.8"
            },
            {
              "introduced": "2018.3.0rc1"
            },
            {
              "fixed": "2018.3.5"
            },
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.5"
            },
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.8.7",
        "0.8.9",
        "0.9.0",
        "0.9.1",
        "0.9.2",
        "0.9.3",
        "0.9.4",
        "0.9.5",
        "0.9.6",
        "0.9.7",
        "0.9.8",
        "0.9.9",
        "0.9.9.1",
        "0.10.0",
        "0.10.1",
        "0.10.2",
        "0.10.3",
        "0.10.4",
        "0.10.5",
        "0.11.0",
        "0.11.1",
        "0.12.0",
        "0.12.1",
        "0.13.0",
        "0.13.1",
        "0.13.2",
        "0.13.3",
        "0.14.0",
        "0.14.1",
        "0.15.0",
        "0.15.1",
        "0.15.2",
        "0.15.3",
        "0.15.90",
        "0.16.0",
        "0.16.1",
        "0.16.2",
        "0.16.3",
        "0.16.4",
        "0.17.0rc1",
        "0.17.0",
        "0.17.1",
        "0.17.2",
        "0.17.3",
        "0.17.4",
        "0.17.5",
        "2014.1.0rc1",
        "2014.1.0rc2",
        "2014.1.0rc3",
        "2014.1.0",
        "2014.1.1",
        "2014.1.2",
        "2014.1.3",
        "2014.1.4",
        "2014.1.5",
        "2014.1.6",
        "2014.1.7",
        "2014.1.8",
        "2014.1.9",
        "2014.1.10",
        "2014.1.11",
        "2014.1.12",
        "2014.1.13",
        "2014.7.0rc1",
        "2014.7.0rc2",
        "2014.7.0rc3",
        "2014.7.0rc4",
        "2014.7.0rc5",
        "2014.7.0rc6",
        "2014.7.0rc7",
        "2014.7.0",
        "2014.7.1",
        "2014.7.2",
        "2014.7.3",
        "2014.7.4",
        "2014.7.5",
        "2014.7.6",
        "2014.7.7",
        "2015.2.0rc1",
        "2015.2.0rc2",
        "2015.5.0",
        "2015.5.1",
        "2015.5.2",
        "2015.5.3",
        "2015.5.4",
        "2015.5.5",
        "2015.5.6",
        "2015.5.7",
        "2015.5.8",
        "2015.5.9",
        "2015.5.10",
        "2015.5.11",
        "2015.8.0rc1",
        "2015.8.0rc2",
        "2015.8.0rc3",
        "2015.8.0rc4",
        "2015.8.0rc5",
        "2015.8.0",
        "2015.8.1",
        "2015.8.2",
        "2015.8.3",
        "2015.8.4",
        "2015.8.5",
        "2015.8.7",
        "2015.8.8",
        "2015.8.8.2",
        "2015.8.9",
        "2015.8.11",
        "2015.8.12",
        "2016.3.0",
        "2016.3.1",
        "2016.3.2",
        "2016.3.3",
        "2016.3.5",
        "2016.3.7",
        "2016.11.0",
        "2016.11.1",
        "2016.11.2",
        "2016.11.4",
        "2016.11.5",
        "2016.11.7",
        "2016.11.8",
        "2016.11.9",
        "2017.7.0",
        "2017.7.1",
        "2017.7.2",
        "2017.7.3",
        "2017.7.5",
        "2017.7.6",
        "2017.7.7",
        "2018.3.0rc1",
        "2018.3.0",
        "2018.3.1",
        "2018.3.2",
        "2018.3.3",
        "2018.3.4",
        "2019.2.0",
        "2019.2.1",
        "2019.2.2",
        "2019.2.3",
        "2019.2.4",
        "3000",
        "3000.1",
        "3000.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-16846"
  ],
  "details": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
  "id": "PYSEC-2020-104",
  "modified": "2021-03-30T13:29:00Z",
  "published": "2020-11-06T08:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "type": "ARTICLE",
      "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/202011-13"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.debian.org/security/2021/dsa-4837"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-16846 (GCVE-0-2020-16846)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Tags

Sightings

Nomenclature