{"vulnerability": "cve-2020-2824", "sightings": [{"uuid": "5d6b6919-1835-4c14-a05e-d55b05c1dfef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28243", "type": "seen", "source": "https://t.me/cibsecurity/24274", "content": "\u203c CVE-2020-28243 \u203c\n\nAn issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-27T07:39:58.000000Z"}, {"uuid": "7b260b11-b4cd-46e1-a045-45d379870be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28243", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2817", "content": "#Threat_Research\n1. The little bug that couldn\u2019t: Securing OpenSSL...\nhttps://github.blog/2021-02-25-the-little-bug-that-couldnt-securing-openssl\n2. CVE-2020-28243 - SaltStack Minion LPE\nhttps://sec.stealthcopter.com/cve-2020-28243\nhttps://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions\n]-> PoC Exploit in SaltStack Minion:\nhttps://github.com/stealthcopter/CVE-2020-28243", "creation_timestamp": "2021-03-04T11:55:21.000000Z"}, {"uuid": "8c239c54-9293-4316-ab4d-7b0448d715af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28241", "type": "seen", "source": "https://t.me/cibsecurity/15959", "content": "\u203c CVE-2020-28241 \u203c\n\nlibmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-06T07:50:23.000000Z"}, {"uuid": "f54fd1ce-7089-453b-a329-01d10d92db93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28241", "type": "seen", "source": "https://t.me/arpsyndicate/4386", "content": "#ExploitObserverAlert\n\nCVE-2020-28241\n\nDESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to CVE-2020-28241. libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.\n\nFIRST-EPSS: 0.003940000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-04-07T23:02:33.000000Z"}]}