CVE-2020-11652 (GCVE-0-2020-11652)
Vulnerability from cvelistv5 – Published: 2020-04-30 17:00 – Updated: 2025-10-21 23:35 – n/a
| URL | Tags |
|---|---|
| https://docs.saltstack.com/en/latest/topics/relea… | x_refsource_MISC |
| https://github.com/saltstack/salt/blob/v3000.2_do… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://packetstormsecurity.com/files/157560/Salts… | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4676 | vendor-advisory, x_refsource_DEBIAN |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/157678/SaltS… | x_refsource_MISC |
| https://tools.cisco.com/security/center/content/C… | vendor-advisory, x_refsource_CISCO |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-list, x_refsource_MLIST |
| http://support.blackberry.com/kb/articleDetail?ar… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| https://usn.ubuntu.com/4459-1/ | vendor-advisory, x_refsource_UBUNTU |
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Field | Value |
|---|---|
| CWEs | CWE-22 |
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Salt |
| Due Date | 2022-05-03 |
| Date Added | 2021-11-03 |
| Vendor/Project | SaltStack |
| Vulnerability Name | SaltStack Salt Path Traversal Vulnerability |
| Known Ransomware Campaign Use | Unknown |
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"name": "openSUSE-SU-2020:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"name": "DSA-4676",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-11652",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:54:22.934029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:44.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2020-11652 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-19T18:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"name": "openSUSE-SU-2020:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"name": "DSA-4676",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html",
"refsource": "MISC",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"refsource": "MISC",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"name": "openSUSE-SU-2020:0564",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"name": "DSA-4676",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"name": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"name": "openSUSE-SU-2020:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "USN-4459-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4459-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11652",
"datePublished": "2020-04-30T17:00:03.000Z",
"dateReserved": "2020-04-08T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:44.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2020-11652",
"cwes": "[\"CWE-22\"]",
"dateAdded": "2021-11-03",
"dueDate": "2022-05-03",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-11652",
"product": "Salt",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.",
"vendorProject": "SaltStack",
"vulnerabilityName": "SaltStack Salt Path Traversal Vulnerability"
},
"epss": {
"cve": "CVE-2020-11652",
"date": "2026-05-29",
"epss": "0.93683",
"percentile": "0.99855"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11652\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-30T17:15:12.190\",\"lastModified\":\"2025-11-07T19:32:37.253\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en SaltStack Salt versiones anteriores a la versi\u00f3n 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos m\u00e9todos que sanean inapropiadamente las rutas. Estos m\u00e9todos permiten acceso a directorios arbitrarios a usuarios autenticados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\
":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"SaltStack Salt Path Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019.2.4\",\"matchCriteriaId\":\"5861CF02-E8F5-494E-8F51-5AB233260828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3000\",\"versionEndExcluding\":\"3000.2\",\"matchCriteriaId\":\"E84C993E-1C6B-4984-9552-4A76A1FE3EF2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-
164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1.3\",\"matchCriteriaId\":\"C5B41060-E2BF-4C6B-9058-1A4C29D4B922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.6\",\"matchCriteriaId\":\"1E2E34D6-A5DA-497C-8019-4B41BFD0E726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F418742F-5FCB-49ED-AD0D-DFDFF6AFA01D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DB76F8-036A-4401-B926-9B5156E032C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C3F42E7-CB56-4287-B09F-C5528B97EB7C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4459-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4676\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4459-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government 
Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html\", \"name\": \"openSUSE-SU-2020:0564\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4676\", \"name\": \"DSA-4676\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG\", \"name\": \"20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html\", \"name\": \"[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html\", \"name\": \"openSUSE-SU-2020:1074\", 
\"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4459-1/\", \"name\": \"USN-4459-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T11:35:13.485Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11652\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:54:22.934029Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2020-11652 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:54:04.527Z\"}}], \"cna\": 
{\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html\", \"name\": \"openSUSE-SU-2020:0564\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4676\", \"name\": \"DSA-4676\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG\", \"name\": \"20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html\", \"name\": \"[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html\", \"name\": \"openSUSE-SU-2020:1074\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://usn.ubuntu.com/4459-1/\", \"name\": \"USN-4459-1\", 
\"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-08-19T18:06:14.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\", \"name\": \"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\", \"name\": \"https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html\", \"name\": \"openSUSE-SU-2020:0564\", \"refsource\": \"SUSE\"}, {\"url\": \"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4676\", \"name\": \"DSA-4676\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\", \"name\": \"http://www.vmware.com/security/advisories/VMSA-2020-0009.html\", \"refsource\": 
\"CONFIRM\"}, {\"url\": \"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG\", \"name\": \"20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products\", \"refsource\": \"CISCO\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html\", \"name\": \"[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update\", \"refsource\": \"MLIST\"}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\", \"name\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000063758\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html\", \"name\": \"openSUSE-SU-2020:1074\", \"refsource\": \"SUSE\"}, {\"url\": \"https://usn.ubuntu.com/4459-1/\", \"name\": \"USN-4459-1\", \"refsource\": \"UBUNTU\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-11652\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-11652\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:44.728Z\", \"dateReserved\": \"2020-04-08T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-04-30T17:00:03.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, SaltStack, Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 2019.2.4 (Salt), \u043e\u0442 3000 \u0434\u043e 3000.2 (Salt), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f salt:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 3000.2+dfsg1-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\n\n\u0414\u043b\u044f Debian:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 salt) \u0434\u043e 2018.3.4+dfsg1-6+deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f salt \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2018.3.4+dfsg1-6+deb10u3\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.04.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.08.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-03942",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-11652",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Salt, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 ClearFuncs \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 SaltStack, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 ClearFuncs \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 SaltStack \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11652\nhttps://security-tracker.debian.org/tracker/CVE-2020-11652\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttp://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CERTFR-2020-ALE-012
Vulnerability from certfr_alerte - Published: 2020-05-04 - Updated: 2020-07-31
Multiple vulnerabilities have been discovered in the 2019 and 3000 versions of the SaltStack solution. They allow an attacker to cause arbitrary code execution and a security policy bypass.
Several security incidents have been reported in open sources following targeted attacks.
CERT-FR recommends applying the update as soon as possible, following the vendor's recommendations.
Finally, CERT-FR also recommends applying best practices for the segregation of administration components [1] and renewing the authentication secrets used by the SaltStack solution. It is also strongly recommended to carry out a security check of the information system in order to detect a possible attack.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SaltStack versions ant\u00e9rieures \u00e0 2019.2.4 et 3000.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2020-07-31",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11652"
},
{
"name": "CVE-2020-11651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11651"
}
],
"initial_release_date": "2020-05-04T00:00:00",
"last_revision_date": "2020-07-31T00:00:00",
"links": [
{
"title": "[1] Recommandations relatives \u00e0 l\u0027administration s\u00e9curis\u00e9e des syst\u00e8mes d\u0027information",
"url": "https://www.ssi.gouv.fr/uploads/2015/02/guide_admin_securisee_si_anssi_pa_022_v2.pdf"
},
{
"title": "Avis CERT-FR du 04 mai 2020",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-263/"
}
],
"reference": "CERTFR-2020-ALE-012",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-04T00:00:00.000000"
},
{
"description": "Ajout des bulletins de s\u00e9curit\u00e9 VMware, Debian et SUSE",
"revision_date": "2020-05-11T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-salt-2vx545AG du 29 mai 2020",
"revision_date": "2020-05-29T00:00:00.000000"
},
{
"description": "La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2020-07-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les deux versions\n2019 et 3000 de la solution SaltStack. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire et un contournement de la\npolitique de s\u00e9curit\u00e9.\n\nPlusieurs incidents de s\u00e9curit\u00e9 ont \u00e9t\u00e9 relay\u00e9s en source ouverte suite\n\u00e0 des attaques cibl\u00e9es.\n\nLe CERT-FR recommande l\u2019application de la mise \u00e0 jour dans les plus\nbrefs d\u00e9lais selon les recommandations de l\u0027\u00e9diteur.\n\nEnfin, le CERT-FR recommande \u00e9galement d\u0027appliquer les bonnes pratiques\nde cloisonnement des composants d\u0027administration \\[1\\] et de renouveler\nles secrets d\u0027authentification utilis\u00e9s par la solution SaltStack. Il\nest enfin fortement recommand\u00e9 de proc\u00e9der \u00e0 une v\u00e9rification de la\ns\u00e9curit\u00e9 du Syst\u00e8me d\u2019Information afin de d\u00e9tecter une attaque\n\u00e9ventuelle.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SaltStack",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-4676 du 06 mai 2020",
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201147-1 du 29 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201147-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-202014351-1 du 29 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014351-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2020-0009 du 08 mai 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201150-1 du 29 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201150-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-202014350-1 du 29 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014350-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201151-1 du 29 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201151-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SaltStack du 30 avril 2020",
"url": "https://help.saltstack.com/hc/en-us/articles/360043056331-New-SaltStack-Release-Critical-Vulnerability"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-salt-2vx545AG du 29 mai 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
}
]
}
CERTFR-2020-AVI-263
Vulnerability from certfr_avis - Published: 2020-05-04 - Updated: 2020-05-04
Multiple vulnerabilities have been discovered in the 2019 and 3000 versions of the SaltStack solution. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SaltStack versions ant\u00e9rieures \u00e0 2019.2.4 et 3000.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11651"
},
{
"name": "CVE-2020-11652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11652"
}
],
"initial_release_date": "2020-05-04T00:00:00",
"last_revision_date": "2020-05-04T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-263",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les deux versions\n2019 et 3000 de la solution SaltStack. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SaltStack",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SaltStack du 30 avril 2020",
"url": "https://help.saltstack.com/hc/en-us/articles/360043056331-New-SaltStack-Release-Critical-Vulnerability"
}
]
}
CISCO-SA-SALT-2VX545AG
Vulnerability from csaf_cisco - Published: 2020-05-28 16:00 - Updated: 2020-06-16 15:17
{
"document": {
"acknowledgments": [
{
"summary": "These vulnerabilities were made public by the Salt Open Core team on April 29, 2020."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:\r\n\r\nCVE-2020-11651: Authentication Bypass Vulnerability\r\nCVE-2020-11652: Directory Traversal Vulnerability\r\n\r\nCisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.\r\n\r\nCisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "These vulnerabilities affect the following Cisco products if they are running a vulnerable software release:\r\n\r\nModeling Labs Corporate Edition (CML)\r\nTelePresence IX5000 Series\r\nVirtual Internet Routing Lab Personal Edition (VIRL-PE)\r\n Cisco CML and Cisco VIRL-PE\r\nCisco CML and Cisco VIRL-PE can be deployed either in standalone or cluster configurations. The vulnerabilities will impact each deployment differently. For impact information and recommended actions, see the table in the Details [\"#details\"] section of this advisory.\r\n\r\nNote: Cisco infrastructure maintains the salt-master servers that are used with Cisco VIRL-PE. Those servers were upgraded on May 7, 2020. Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised. The servers were remediated on May 7, 2020. The following servers were compromised:\r\n\r\nus-1.virl.info\r\nus-2.virl.info\r\nus-3.virl.info\r\nus-4.virl.info\r\nvsm-us-1.virl.info\r\nvsm-us-2.virl.info\r\n\r\nCisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service. These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. Administrators can check the configured Cisco salt-master server by navigating to VIRL Server \u003e Salt Configuration and Status.\r\n\r\nCisco CML does not connect back to any Cisco maintained Salt Servers.\r\n Cisco TelePresence IX5000 Series\r\nSalt services are enabled by default on Cisco TelePresence IX5000 Series.",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "Cisco CML and Cisco VIRL-PE\r\nFor information about Cisco CML and Cisco VIRL-PE, see Cisco Modeling Labs [\"https://developer.cisco.com/modeling-labs/\"].\r\n\r\nFor Cisco CML and Cisco VIRL-PE software releases 1.5 and 1.6, if the salt-master service is enabled, the exploitability of the product depends on how the product has been deployed. To be exploited, the salt-master service must be reachable on TCP ports 4505 and 4506. For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE.\r\n\r\nTo check the status of the salt-master service on the installation of Cisco CML and Cisco VIRL-PE, log in to the device and execute the command sudo systemctl status salt-master. If the salt-master service is active, as indicated by Active: active (running), the device is vulnerable and Cisco recommends following the actions listed in the table below.\r\n\r\nThe following example shows a device where the salt-master service is enabled:\r\n\r\n\r\nvirl@virl:~$ sudo systemctl status salt-master\r\n? 
salt-master.service - The Salt Master Server\r\n Loaded: loaded (/lib/systemd/system/salt-master.service; disabled; vendor preset: enabled)\r\n Drop-In: /etc/systemd/system/salt-master.service.d\r\n +-override.conf\r\n Active: active (running) since Thu 2020-05-28 17:55:10 GMT; 1s ago\r\n Docs: man:salt-master(1)\r\n file:///usr/share/doc/salt/html/contents.html\r\n https://docs.saltstack.com/en/latest/contents.html\r\n Main PID: 20662 (/usr/bin/python)\r\n Tasks: 16\r\n Memory: 217.9M\r\n CPU: 7.870s\r\n CGroup: /system.slice/salt-master.service\r\n +-20662 /usr/bin/python /usr/bin/salt-master ProcessManage\r\n +-20789 /usr/bin/python /usr/bin/salt-master MultiprocessingLoggingQueu\r\n +-20793 /usr/bin/python /usr/bin/salt-master ZeroMQPubServerChanne\r\n +-20794 /usr/bin/python /usr/bin/salt-master EventPublishe\r\n +-20797 /usr/bin/python /usr/bin/salt-master Maintenanc\r\n +-20798 /usr/bin/python /usr/bin/salt-master ReqServer_ProcessManage\r\n +-20799 /usr/bin/python /usr/bin/salt-master MWorkerQueu\r\n +-20804 /usr/bin/python /usr/bin/salt-master MWorker-\r\n +-20805 /usr/bin/python /usr/bin/salt-master MWorker-\r\n +-20806 /usr/bin/python /usr/bin/salt-master MWorker-May 28 17:55:08 virl systemd[1]: Starting The Salt Master Server...\r\nMay 28 17:55:10 virl systemd[1]: Started The Salt Master Server.\r\nvirl@virl:~$\r\n\r\nThe following example shows a device where the salt-master service is not enabled:\r\n\r\n\r\nvirl@virl:~$ sudo systemctl status salt-master\r\n? 
salt-master.service - The Salt Master Server\r\n Loaded: loaded (/lib/systemd/system/salt-master.service; disabled; vendor preset: enabled)\r\n Drop-In: /etc/systemd/system/salt-master.service.d\r\n +-override.conf\r\n Active: inactive (dead)\r\n Docs: man:salt-master(1)\r\n file:///usr/share/doc/salt/html/contents.html\r\n https://docs.saltstack.com/en/latest/contents.html\r\n\r\nThe following table lists the impact and recommended action for each deployment option for each Cisco software release.\r\n Cisco CML and VIRL-PE Software Release Deployment Option Impact Recommended Action 2.0 Standalone Not affected. Does not run Salt services. None. 2.0 Cluster Mode Not affected. Not currently supported. None. 1.6 Standalone\r\nFor customers who performed a fresh install, there is no impact. An install runs the salt-minion process only when required; it does not run a salt-master service.\r\n For customers who upgraded from Release 1.5, a salt-master service is running.\r\nCheck the status of the salt-master service using the sudo systemctl status salt-master command. If the salt-master service is running, do one of the following:\r\n\r\nUpgrade to a patched release, which will disable the salt-master service.1\r\nDisable the salt-master service using the workaround.\r\n 1.6 Cluster Mode\r\nFor customers who performed a fresh install, there is no impact. The controller runs SaltStack Master and communicates with compute nodes - SaltStack bound only to private network.\r\n\r\nFor customers who upgraded from 1.5, a salt-master service is running.\r\n\r\nCheck the status of the salt-master service using the sudo systemctl status salt-master command. 
If the salt-master service is running, do one of the following:\r\n\r\nUpgrade to patched release, which will disable the salt-master service on all interfaces except the internal (INT) network.1\r\n 1.5 Standalone\r\nSalt-minion service running.\r\n\r\nSalt-master service running (bound to all interfaces).\r\n\r\nNote: Salt services are not running on CML.\r\n\r\nCheck the status of the salt-master service using the sudo systemctl status salt-master command. If the salt-master service is running, do one of the following:\r\n\r\nUpgrade to a patched release, which will disable the salt-master service.1\r\nDisable the salt-master service using the workaround.\r\n 1.5 Cluster Mode\r\nSalt-minion service running.\r\n Salt-master service running (bound to all interfaces).\r\nUpgrade to patched release, which will disable the salt-master service on all interfaces except the internal (INT) network.1\r\n 1.3 Standalone\r\nSalt-minion service running.\r\n Salt-master service running (bound to all interfaces).\r\nCML\r\n\r\nDo one of the following:\r\n\r\nUpgrade to a patched release, which will disable the salt-master service.1\r\nDisable the salt-master service using the workaround.\r\n\r\nVIRL-PE\r\n\r\nRe-image the machines and install the VIRL-PE patched release.1\r\n 1.3 Cluster Mode\r\nSalt-minion service running.\r\n Salt-master service running (bound to all interfaces).\r\nCML\r\n\r\nMigrate to a patched release.1\r\n\r\nVIRL-PE\r\n\r\nRe-image the machines and install the VIRL-PE patched release.1\r\n 1.2 Standalone\r\nSalt-minion service running.\r\n Salt-master service running (bound to all interfaces).\r\nCML\r\n\r\nDo one of the following:\r\n\r\nUpgrade to a patched release, which will disable the salt-master service.1\r\nDisable the salt-master service using the workaround.\r\n\r\nVIRL-PE\r\n\r\nRe-image the machines and install the VIRL-PE patched release.1\r\n 1.2 Cluster Mode\r\nSalt-minion service running.\r\n Salt-master service running (bound to all 
interfaces).\r\nCML\r\n\r\nMigrate to a patched release.1\r\n\r\nVIRL-PE\r\n\r\nRe-image the machines and install the VIRL-PE patched release.1\r\n\r\n1. For recommended patched software releases, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Cisco TelePresence IX5000 Series\r\nSalt services are enabled by default on Cisco TelePresence IX5000 Series, but these services are not required for normal operation. For information about disabling the services, see the Workarounds [\"#wk\"] section.",
"title": "Details"
},
{
"category": "general",
"text": "Cisco CML and Cisco VIRL-PE\r\nCisco CML and Cisco VIRL-PE software releases 2.0 and later do not run the salt-master service.\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in standalone mode, administrators can check the status of the salt-master service and disable the service as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ sudo systemctl status salt-master\r\n? salt-master.service - The Salt Master Server\r\n Loaded: loaded (/lib/systemd/system/salt-master.service; disabled; vendor preset: enabled)\r\n Drop-In: /etc/systemd/system/salt-master.service.d\r\n +-override.conf\r\n Active: active (running) since Thu 2020-05-28 17:55:10 GMT; 1s ago\r\n Docs: man:salt-master(1)\r\n file:///usr/share/doc/salt/html/contents.html\r\n https://docs.saltstack.com/en/latest/contents.html\r\n\r\n--- Output Omitted ---\r\n\r\nvirl@virl:~$ sudo systemctl stop salt-master\r\nvirl@virl:~$ sudo systemctl disable salt-master\r\nSynchronizing state of salt-master.service with SysV init with /lib/systemd/systemd-sysv-install...\r\nExecuting /lib/systemd/systemd-sysv-install disable salt-master\r\ninsserv: warning: current start runlevel(s) (empty) of script `salt-master\u0027 overrides LSB defaults (2 3 4 5).\r\ninsserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `salt-master\u0027 overrides LSB defaults (0 1 6).\r\nvirl@virl:~$\r\n\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in cluster mode, administrators can check the status of the salt-master service and disable the service on all compute nodes. Follow the steps shown above for standalone deployments. 
On the cluster controller node, ensure that the salt-master is listening only on the private network interface for inter-cluster communication, as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 172.16.10.250:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 172.16.10.250:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n\r\nIf the salt-master is listening on all interfaces as shown in the following example, customers will need to upgrade to a patched release:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n Cisco TelePresence IX5000 Series\r\nTo disable Salt services permanently on Cisco TelePresence IX5000 Series, modifications must be made to the startup script files, which requires root access on the device. For assistance, contact the Cisco TAC through your support organization.",
"title": "Workarounds"
},
{
"category": "general",
"text": "Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. 
If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n Fixed Releases\r\nCisco CML\r\n\r\nFor customers who are running the software in standalone deployments, Cisco recommends migrating to Cisco CML Release 2.0.\r\n\r\nTo download the software from the Software Center [\"https://software.cisco.com/download/navigator.html\"] on Cisco.com, do the following:\r\n\r\nClick Browse all.\r\nChoose Cloud and Systems Management \u003e Network Modeling \u003e Modeling Labs.\r\nChoose a release from left pane.\r\n\r\nFor customers who cannot migrate to Release 2.0, Cisco recommends migrating to Release 1.6.67.\r\n\r\nCisco CML does not support in-place upgrades for any Cisco CML 1.x releases. Customers are advised to migrate to a new Cisco CML Release 1.6.67 or Release 2.0 installation.\r\n\r\nCisco fixed this vulnerability in Cisco CML Release 1.6.67. This release upgrades the version of SaltStack, which contains the fixes for both vulnerabilities. Customers who are running Cisco CML Release 1.6.65, which has Salt services enabled on only the private interfaces, are also advised to upgrade to Release 1.6.67.\r\n\r\nCisco VIRL-PE\r\n\r\nCisco recommends migrating to Cisco VIRL-PE Release 2.0, which has been rebranded Cisco Modeling Labs - Personal. 
For upgrade instructions, see HOW-TO: Upgrade your Virtual Internet Routing Lab Instance to Cisco Modeling Labs - Personal v2.0 [\"https://learningnetwork.cisco.com/s/question/0D53i00000U2ihwCAB/howto-upgrade-your-virtual-internet-routing-lab-instance-to-cisco-modeling-labs-personal-v20\"].\r\n\r\nFor customers with standalone deployments who cannot migrate to Cisco VIRL-PE Release 2.0, Cisco recommends upgrading to Release 1.6.66 through the UWM interface to ensure that the salt-master service is disabled. Upgrade instructions are available at http://get.virl.info/upgrd.1.3.php [\"http://get.virl.info/upgrd.1.3.php\"].\r\n\r\nFor customers with cluster mode deployments who are running Release 1.5 or Release 1.6, Cisco recommends upgrading to Release 1.6.67 through the UWM interface to ensure that the salt-master service is disabled and upgraded to a fixed SaltStack version. Customers who are running Release 1.3 are advised to migrate to the latest 1.6 release.\r\n\r\nCisco fixed this vulnerability in Cisco VIRL-PE Release 1.6.67. This release upgrades the version of SaltStack, which contains the fixes for both vulnerabilities. Customers who are running 1.6.66, which has Salt services disabled, are also advised to upgrade to Release 1.6.67.\r\n\r\nCisco TelePresence IX5000 Series\r\n\r\nCisco will not release fixed software for Cisco TelePresence IX5000 Series, as the product has entered end of life. To disable Salt services permanently on Cisco TelePresence IX5000 Series, modifications must be made to the startup script files, which requires root access on the device. For assistance, contact the Cisco TAC through your support organization.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "These vulnerabilities were made public by the Salt Open Core team on April 29, 2020.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "Cisco Modeling Labs",
"url": "https://developer.cisco.com/modeling-labs/"
},
{
"category": "external",
"summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
"url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
},
{
"category": "external",
"summary": "considering software upgrades",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "Cisco Security Advisories and Alerts page",
"url": "https://www.cisco.com/go/psirt"
},
{
"category": "external",
"summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
"url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
},
{
"category": "external",
"summary": "Software Center",
"url": "https://software.cisco.com/download/navigator.html"
},
{
"category": "external",
"summary": "HOW-TO: Upgrade your Virtual Internet Routing Lab Instance to Cisco Modeling Labs - Personal v2.0",
"url": "https://learningnetwork.cisco.com/s/question/0D53i00000U2ihwCAB/howto-upgrade-your-virtual-internet-routing-lab-instance-to-cisco-modeling-labs-personal-v20"
},
{
"category": "external",
"summary": "http://get.virl.info/upgrd.1.3.php",
"url": "http://get.virl.info/upgrd.1.3.php"
}
],
"title": "SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"tracking": {
"current_release_date": "2020-06-16T15:17:35+00:00",
"generator": {
"date": "2024-05-10T22:50:18+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-salt-2vx545AG",
"initial_release_date": "2020-05-28T16:00:00+00:00",
"revision_history": [
{
"date": "2020-05-28T15:55:30+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2020-06-16T15:17:35+00:00",
"number": "2.0.0",
"summary": "Added Cisco TelePresence IX5000 Series as a vulnerable product. Added Release 1.6.67 as a fixed release for both Cisco VIRL-PE and Cisco CML."
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco TelePresence IX5000",
"product": {
"name": "Cisco TelePresence IX5000 ",
"product_id": "CSAFPID-210082"
}
},
{
"category": "product_family",
"name": "Cisco Modeling Labs",
"product": {
"name": "Cisco Modeling Labs ",
"product_id": "CSAFPID-277905"
}
},
{
"category": "product_family",
"name": "Cisco Virtual Internet Routing Lab",
"product": {
"name": "Cisco Virtual Internet Routing Lab ",
"product_id": "CSAFPID-277914"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11651",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvu33581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvu43116"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
]
},
"release_date": "2020-05-28T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
],
"url": "https://software.cisco.com"
},
{
"category": "workaround",
"details": "Cisco CML and Cisco VIRL-PE\r\nCisco CML and Cisco VIRL-PE software releases 2.0 and later do not run the salt-master service.\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in standalone mode, administrators can check the status of the salt-master service and disable the service as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ sudo systemctl status salt-master\r\n? salt-master.service - The Salt Master Server\r\n Loaded: loaded (/lib/systemd/system/salt-master.service; disabled; vendor preset: enabled)\r\n Drop-In: /etc/systemd/system/salt-master.service.d\r\n +-override.conf\r\n Active: active (running) since Thu 2020-05-28 17:55:10 GMT; 1s ago\r\n Docs: man:salt-master(1)\r\n file:///usr/share/doc/salt/html/contents.html\r\n https://docs.saltstack.com/en/latest/contents.html\r\n\r\n--- Output Omitted ---\r\n\r\nvirl@virl:~$ sudo systemctl stop salt-master\r\nvirl@virl:~$ sudo systemctl disable salt-master\r\nSynchronizing state of salt-master.service with SysV init with /lib/systemd/systemd-sysv-install...\r\nExecuting /lib/systemd/systemd-sysv-install disable salt-master\r\ninsserv: warning: current start runlevel(s) (empty) of script `salt-master\u0027 overrides LSB defaults (2 3 4 5).\r\ninsserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `salt-master\u0027 overrides LSB defaults (0 1 6).\r\nvirl@virl:~$\r\n\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in cluster mode, administrators can check the status of the salt-master service and disable the service on all compute nodes. Follow the steps shown above for standalone deployments. 
On the cluster controller node, ensure that the salt-master is listening only on the private network interface for inter-cluster communication, as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 172.16.10.250:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 172.16.10.250:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n\r\nIf the salt-master is listening on all interfaces as shown in the following example, customers will need to upgrade to a patched release:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n Cisco TelePresence IX5000 Series\r\nTo disable Salt services permanently on Cisco TelePresence IX5000 Series, modifications must be made to the startup script files, which requires root access on the device. For assistance, contact the Cisco TAC through your support organization.",
"product_ids": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-277905",
"CSAFPID-277914"
]
},
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-210082"
]
}
],
"title": "SaltStack FrameWork Vulnerabilities Affecting Cisco Products"
},
{
"cve": "CVE-2020-11652",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvu33581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvu43116"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
]
},
"release_date": "2020-05-28T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
],
"url": "https://software.cisco.com"
},
{
"category": "workaround",
"details": "Cisco CML and Cisco VIRL-PE\r\nCisco CML and Cisco VIRL-PE software releases 2.0 and later do not run the salt-master service.\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in standalone mode, administrators can check the status of the salt-master service and disable the service as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ sudo systemctl status salt-master\r\n? salt-master.service - The Salt Master Server\r\n Loaded: loaded (/lib/systemd/system/salt-master.service; disabled; vendor preset: enabled)\r\n Drop-In: /etc/systemd/system/salt-master.service.d\r\n +-override.conf\r\n Active: active (running) since Thu 2020-05-28 17:55:10 GMT; 1s ago\r\n Docs: man:salt-master(1)\r\n file:///usr/share/doc/salt/html/contents.html\r\n https://docs.saltstack.com/en/latest/contents.html\r\n\r\n--- Output Omitted ---\r\n\r\nvirl@virl:~$ sudo systemctl stop salt-master\r\nvirl@virl:~$ sudo systemctl disable salt-master\r\nSynchronizing state of salt-master.service with SysV init with /lib/systemd/systemd-sysv-install...\r\nExecuting /lib/systemd/systemd-sysv-install disable salt-master\r\ninsserv: warning: current start runlevel(s) (empty) of script `salt-master\u0027 overrides LSB defaults (2 3 4 5).\r\ninsserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `salt-master\u0027 overrides LSB defaults (0 1 6).\r\nvirl@virl:~$\r\n\r\n\r\nFor Cisco CML and Cisco VIRL-PE deployed in cluster mode, administrators can check the status of the salt-master service and disable the service on all compute nodes. Follow the steps shown above for standalone deployments. 
On the cluster controller node, ensure that the salt-master is listening only on the private network interface for inter-cluster communication, as shown in the following example:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 172.16.10.250:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 172.16.10.250:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n\r\nIf the salt-master is listening on all interfaces as shown in the following example, customers will need to upgrade to a patched release:\r\n\r\n\r\nvirl@virl:~$ netstat -tulpn | grep 450\r\n(Not all processes could be identified, non-owned process info\r\n will not be shown, you would have to be root to see it all.)\r\ntcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN -\r\ntcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN -\r\nvirl@virl:~$\r\n\r\n Cisco TelePresence IX5000 Series\r\nTo disable Salt services permanently on Cisco TelePresence IX5000 Series, modifications must be made to the startup script files, which requires root access on the device. For assistance, contact the Cisco TAC through your support organization.",
"product_ids": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277905",
"CSAFPID-277914",
"CSAFPID-210082"
]
}
],
"title": "vuln-CVE-2020-11652"
}
]
}
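The cluster-controller check in the Cisco workaround above (salt-master must listen on 4505/4506 only on the private inter-cluster interface, never on all interfaces) can be automated rather than eyeballed. The following Python is an added example written for this page, not Cisco's or SaltStack's code: the netstat-style sample outputs are constructed, the 172.16.10.0/24 network is taken from the advisory's example address, and the `check_live_host` helper is an assumption for illustration. It also accepts `ss -tuln` output, which the advisory does not mention, because netstat is absent on many current hosts.

```python
import ipaddress
import shutil
import subprocess

# The two TCP ports a salt-master listens on: 4505 (publisher) and 4506 (request server).
SALT_MASTER_PORTS = {4505, 4506}

# Constructed sample in "netstat -tulpn" format, modelled on the advisory's
# cluster-controller example. Not captured from a real host.
SAMPLE_PRIVATE_ONLY = """\
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      -
tcp        0      0 172.16.10.250:4505      0.0.0.0:*               LISTEN      -
tcp        0      0 172.16.10.250:4506      0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
"""

# Constructed sample of the bad case: salt-master bound to every interface (v4 and v6).
SAMPLE_ALL_INTERFACES = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::4506                 :::*                    LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
"""


def _local_endpoint(fields):
    """Return (host, port) from the first host:port field whose port is numeric.

    In both netstat ("tcp 0 0 172.16.10.250:4505 0.0.0.0:* LISTEN -") and ss
    ("tcp LISTEN 0 128 172.16.10.250:4505 0.0.0.0:*") layouts the local endpoint
    is the first such field; the peer column ("0.0.0.0:*") never qualifies.
    """
    for field in fields:
        host, sep, port = field.rpartition(":")
        if sep and port.isdigit():
            return host.strip("[]"), int(port)
    return None


def _is_exposed(host, allowed_nets):
    """True if a bind address is reachable beyond loopback or the allowed private network."""
    if host in ("", "*"):  # ss prints "*:4505" for INADDR_ANY
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # a hostname (output without -n): treat as unknown, hence exposed
        return True
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return True
    if addr.is_loopback:
        return False
    if allowed_nets:
        return not any(addr in net for net in allowed_nets)
    return not addr.is_private


def salt_master_exposure(listener_output, allowed_networks=()):
    """Return sorted [(host, port)] of salt-master ports bound outside the allowed scope.

    allowed_networks: CIDR strings for the private inter-cluster network(s). When
    empty, any loopback or RFC 1918 bind is accepted and everything else flagged.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
    exposed = set()
    for line in listener_output.splitlines():
        endpoint = _local_endpoint(line.split())
        if endpoint is None or endpoint[1] not in SALT_MASTER_PORTS:
            continue
        if _is_exposed(endpoint[0], nets):
            exposed.add(endpoint)
    return sorted(exposed, key=lambda hp: (hp[1], hp[0]))


def check_live_host(allowed_networks=()):
    """Hypothetical helper: run ss (or netstat if ss is missing) on this host and evaluate it."""
    tool = ["ss", "-tuln"] if shutil.which("ss") else ["netstat", "-tuln"]
    out = subprocess.run(tool, capture_output=True, text=True, check=True).stdout
    return salt_master_exposure(out, allowed_networks)


if __name__ == "__main__":
    for host, port in check_live_host(["172.16.10.0/24"]):
        print("salt-master exposed on %s:%d" % (host, port))
```

An empty result for the controller with the private network passed in is the "listening only on the private network interface" state the advisory accepts; any `0.0.0.0` or `::` entry is the case where the advisory says a patched release is required, since binding alone does not fix the underlying Salt bugs.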
Upgrade SaltStack to a fixed version: 2019.2.4 or 3000.2. Back up before upgrading. Users are advised to download and use: https://labs.f-secure.com/advisories/saltstack-authorization-bypass
| Name |
|---|
| SaltStack SaltStack Salt <2019.2.4 |
| SaltStack SaltStack Salt <3000.2 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-11652"
}
},
"description": "SaltStack is a client/server configuration management tool developed in Python.\n\nSaltStack contains a directory traversal vulnerability: by constructing malicious requests, an attacker can read arbitrary files on the server.",
"formalWay": "Upgrade SaltStack to a fixed version: 2019.2.4 or 3000.2. Back up before upgrading. Users are advised to download and use:\r\nhttps://labs.f-secure.com/advisories/saltstack-authorization-bypass",
"isEvent": "General software/hardware vulnerability",
"number": "CNVD-2020-26253",
"openTime": "2020-05-03",
"patchDescription": "SaltStack is a client/server configuration management tool developed in Python.\r\n\r\nSaltStack contains a directory traversal vulnerability: by constructing malicious requests, an attacker can read arbitrary files on the server. The vendor has published a security advisory and patch information that fix this vulnerability.",
"patchName": "Patch for the SaltStack directory traversal vulnerability",
"products": {
"product": [
"SaltStack SaltStack Salt \u003c2019.2.4",
"SaltStack SaltStack Salt \u003c3000.2"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11652",
"serverity": "High",
"submitTime": "2020-05-03",
"title": "SaltStack directory traversal vulnerability"
}
FKIE_CVE-2020-11652
Vulnerability from fkie_nvd - Published: 2020-04-30 17:15 - Updated: 2025-11-07 19:32 - 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
| Vendor | Product | Version |
|---|---|---|
| saltstack | salt | < 2019.2.4 |
| saltstack | salt | 3000 to < 3000.2 |
| opensuse | leap | 15.1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 (esm) |
| canonical | ubuntu_linux | 18.04 (lts) |
| blackberry | workspaces_server | <= 7.1.3 |
| blackberry | workspaces_server | 8.0.0 to <= 8.2.6 |
| blackberry | workspaces_server | 9.1.0 |
| vmware | application_remote_collector | 7.5.0 |
| vmware | application_remote_collector | 8.0.0 |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "SaltStack Salt Path Traversal Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861CF02-E8F5-494E-8F51-5AB233260828",
"versionEndExcluding": "2019.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E84C993E-1C6B-4984-9552-4A76A1FE3EF2",
"versionEndExcluding": "3000.2",
"versionStartIncluding": "3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B41060-E2BF-4C6B-9058-1A4C29D4B922",
"versionEndIncluding": "7.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2E34D6-A5DA-497C-8019-4B41BFD0E726",
"versionEndIncluding": "8.2.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F418742F-5FCB-49ED-AD0D-DFDFF6AFA01D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96DB76F8-036A-4401-B926-9B5156E032C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3F42E7-CB56-4287-B09F-C5528B97EB7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SaltStack Salt versiones anteriores a la versi\u00f3n 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos m\u00e9todos que sanean inapropiadamente las rutas. Estos m\u00e9todos permiten acceso a directorios arbitrarios a usuarios autenticados."
}
],
"id": "CVE-2020-11652",
"lastModified": "2025-11-07T19:32:37.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-04-30T17:15:12.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4459-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4459-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-VP49-2G4R-M3X3
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2025-10-22 17:50
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2019.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3000"
},
{
"fixed": "3000.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-11652"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:24:41Z",
"nvd_published_at": "2020-04-30T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"id": "GHSA-vp49-2g4r-m3x3",
"modified": "2025-10-22T17:50:48Z",
"published": "2022-05-24T17:16:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11652"
},
{
"type": "WEB",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-103.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/saltstack/salt"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4459-1"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A",
"type": "CVSS_V4"
}
],
"summary": "SaltStack Salt is vulnerable Arbitrary Directory Access"
}
GSD-2020-11652
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2020-11652",
"description": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"id": "GSD-2020-11652",
"references": [
"https://www.suse.com/security/cve/CVE-2020-11652.html",
"https://www.debian.org/security/2020/dsa-4676",
"https://ubuntu.com/security/CVE-2020-11652",
"https://security.archlinux.org/CVE-2020-11652",
"https://packetstormsecurity.com/files/cve/CVE-2020-11652"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-11652"
],
"details": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"id": "GSD-2020-11652",
"modified": "2023-12-13T01:22:05.411254Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2020-11652",
"dateAdded": "2021-11-03",
"dueDate": "2022-05-03",
"product": "Salt",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"vendorProject": "SaltStack",
"vulnerabilityName": "SaltStack directory traversal failure to sanitize untrusted input"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html",
"refsource": "MISC",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"refsource": "MISC",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"name": "openSUSE-SU-2020:0564",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"name": "DSA-4676",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"name": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"name": "openSUSE-SU-2020:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "USN-4459-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4459-1/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2019.2.4||\u003e=3000,\u003c3000.2",
"affected_versions": "All versions before 2019.2.4, all versions starting from 3000 before 3000.2",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2021-07-21",
"description": "The salt-master process `ClearFuncs` class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"fixed_versions": [
"2019.2.4",
"3000.2"
],
"identifier": "CVE-2020-11652",
"identifiers": [
"CVE-2020-11652"
],
"not_impacted": "All versions starting from 2019.2.4 before 3000, all versions starting from 3000.2",
"package_slug": "pypi/salt",
"pubdate": "2020-04-30",
"solution": "Upgrade to versions 2019.2.4, 3000.2 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11652",
"https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
],
"uuid": "390590d2-48f8-497d-89f4-3eef9d83944f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.2.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3000.2",
"versionStartIncluding": "3000",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:blackberry:workspaces_server:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11652"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"name": "openSUSE-SU-2020:0564",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
},
{
"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"name": "DSA-4676",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4676"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"
},
{
"name": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"
},
{
"name": "openSUSE-SU-2020:1074",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "USN-4459-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-05-03T14:21Z",
"publishedDate": "2020-04-30T17:15Z"
}
}
}
OPENSUSE-SU-2020:0564-1
Vulnerability from csaf_opensuse - Published: 2020-04-30 14:39 - Updated: 2020-04-30 14:39
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for salt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for salt fixes the following issues:\n\n- Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-564",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0564-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0564-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSOLZPKWSWDPR4VMI5Q3QMPA72BQNRCM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0564-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSOLZPKWSWDPR4VMI5Q3QMPA72BQNRCM/"
},
{
"category": "self",
"summary": "SUSE Bug 1170595",
"url": "https://bugzilla.suse.com/1170595"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11651 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11652 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11652/"
}
],
"title": "Security update for salt",
"tracking": {
"current_release_date": "2020-04-30T14:39:54Z",
"generator": {
"date": "2020-04-30T14:39:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0564-1",
"initial_release_date": "2020-04-30T14:39:54Z",
"revision_history": [
{
"date": "2020-04-30T14:39:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"product": {
"name": "salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"product_id": "salt-bash-completion-2019.2.0-lp151.5.15.1.noarch"
}
},
{
"category": "product_version",
"name": "salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"product": {
"name": "salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"product_id": "salt-fish-completion-2019.2.0-lp151.5.15.1.noarch"
}
},
{
"category": "product_version",
"name": "salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch",
"product": {
"name": "salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch",
"product_id": "salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "python2-salt-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "python3-salt-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-api-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-api-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-api-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-cloud-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-doc-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-master-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-master-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-master-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-minion-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-proxy-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-ssh-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"product": {
"name": "salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"product_id": "salt-syndic-2019.2.0-lp151.5.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-salt-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-salt-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-api-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-api-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-bash-completion-2019.2.0-lp151.5.15.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch"
},
"product_reference": "salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-cloud-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-doc-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-fish-completion-2019.2.0-lp151.5.15.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch"
},
"product_reference": "salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-master-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-master-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-minion-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-proxy-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-ssh-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-syndic-2019.2.0-lp151.5.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64"
},
"product_reference": "salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
},
"product_reference": "salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11651"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11651",
"url": "https://www.suse.com/security/cve/CVE-2020-11651"
},
{
"category": "external",
"summary": "SUSE Bug 1170595 for CVE-2020-11651",
"url": "https://bugzilla.suse.com/1170595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T14:39:54Z",
"details": "critical"
}
],
"title": "CVE-2020-11651"
},
{
"cve": "CVE-2020-11652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11652"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11652",
"url": "https://www.suse.com/security/cve/CVE-2020-11652"
},
{
"category": "external",
"summary": "SUSE Bug 1170595 for CVE-2020-11652",
"url": "https://bugzilla.suse.com/1170595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-cloud-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-doc-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-2019.2.0-lp151.5.15.1.noarch",
"openSUSE Leap 15.1:salt-master-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-minion-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-2019.2.0-lp151.5.15.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-2019.2.0-lp151.5.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T14:39:54Z",
"details": "critical"
}
],
"title": "CVE-2020-11652"
}
]
}
OPENSUSE-SU-2020:1074-1
Vulnerability from csaf_opensuse - Published: 2020-07-26 12:19 - Updated: 2020-07-26 12:19

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for salt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for salt contains the following fixes:\n\n- Fix for TypeError in Tornado importer (bsc#1174165)\n- Require python3-distro only for TW (bsc#1173072)\n- Update to Salt version 3000:\n See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html\n\n- Add docker.logout to docker execution module. (bsc#1165572)\n- Add option to enable/disable force refresh for zypper.\n- Add publish_batch to ClearFuncs exposed methods.\n- Adds test for zypper abbreviation fix.\n- Avoid segfault from \u0027salt-api\u0027 under certain conditions of heavy load managing SSH\n minions. (bsc#1169604)\n- Avoid traceback on debug logging for swarm module. (bsc#1172075)\n- Batch mode now also correctly provides return value. (bsc#1168340)\n- Better import cache handline.\n- Do not make file.recurse state to fail when msgpack 0.5.4. (bsc#1167437)\n- Do not require vendored backports-abc. (bsc#1170288)\n- Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation.\n- Fix for low rpm_lowpkg unit test.\n- Fix for temp folder definition in loader unit test.\n- Fix for unless requisite when pip is not installed.\n- Fix integration test failure for test_mod_del_repo_multiline_values.\n- Fix regression in service states with reload argument.\n- Fix tornado imports and missing _utils after rebasing patches.\n- Fix status attribute issue in aptpkg test.\n- Improved storage pool or network handling.\n- loop: fix variable names for until_no_eval.\n- Make \u0027salt.ext.tornado.gen\u0027 to use \u0027salt.ext.backports_abc\u0027 on Python 2.\n- Make setup.py script not to require setuptools greater than 9.1.\n- More robust remote port detection.\n- Prevent sporious \u0027salt-api\u0027 stuck processes when managing SSH minions.\n because of logging deadlock. (bsc#1159284)\n- Python3.8 compatibility changes.\n- Removes unresolved merge conflict in yumpkg module.\n- Returns a the list of IPs filtered by the optional network list.\n- Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341). (bsc#1170104)\n- Sanitize grains loaded from roster_grains.json cache during \u0027state.pkg\u0027.\n- Various virt backports from 3000.2.\n- zypperpkg: filter patterns that start with dot. (bsc#1171906)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1074",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1074-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1074-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6GW2K66LI6CQMXXR5ABJWHGQK64P5J5Y/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1074-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6GW2K66LI6CQMXXR5ABJWHGQK64P5J5Y/"
},
{
"category": "self",
"summary": "SUSE Bug 1159284",
"url": "https://bugzilla.suse.com/1159284"
},
{
"category": "self",
"summary": "SUSE Bug 1165572",
"url": "https://bugzilla.suse.com/1165572"
},
{
"category": "self",
"summary": "SUSE Bug 1167437",
"url": "https://bugzilla.suse.com/1167437"
},
{
"category": "self",
"summary": "SUSE Bug 1168340",
"url": "https://bugzilla.suse.com/1168340"
},
{
"category": "self",
"summary": "SUSE Bug 1169604",
"url": "https://bugzilla.suse.com/1169604"
},
{
"category": "self",
"summary": "SUSE Bug 1170104",
"url": "https://bugzilla.suse.com/1170104"
},
{
"category": "self",
"summary": "SUSE Bug 1170288",
"url": "https://bugzilla.suse.com/1170288"
},
{
"category": "self",
"summary": "SUSE Bug 1171906",
"url": "https://bugzilla.suse.com/1171906"
},
{
"category": "self",
"summary": "SUSE Bug 1172075",
"url": "https://bugzilla.suse.com/1172075"
},
{
"category": "self",
"summary": "SUSE Bug 1173072",
"url": "https://bugzilla.suse.com/1173072"
},
{
"category": "self",
"summary": "SUSE Bug 1174165",
"url": "https://bugzilla.suse.com/1174165"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15750 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15751 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11651 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11652 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11652/"
}
],
"title": "Security update for salt",
"tracking": {
"current_release_date": "2020-07-26T12:19:27Z",
"generator": {
"date": "2020-07-26T12:19:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1074-1",
"initial_release_date": "2020-07-26T12:19:27Z",
"revision_history": [
{
"date": "2020-07-26T12:19:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "salt-bash-completion-3000-lp151.5.21.1.noarch",
"product": {
"name": "salt-bash-completion-3000-lp151.5.21.1.noarch",
"product_id": "salt-bash-completion-3000-lp151.5.21.1.noarch"
}
},
{
"category": "product_version",
"name": "salt-fish-completion-3000-lp151.5.21.1.noarch",
"product": {
"name": "salt-fish-completion-3000-lp151.5.21.1.noarch",
"product_id": "salt-fish-completion-3000-lp151.5.21.1.noarch"
}
},
{
"category": "product_version",
"name": "salt-zsh-completion-3000-lp151.5.21.1.noarch",
"product": {
"name": "salt-zsh-completion-3000-lp151.5.21.1.noarch",
"product_id": "salt-zsh-completion-3000-lp151.5.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-salt-3000-lp151.5.21.1.x86_64",
"product": {
"name": "python2-salt-3000-lp151.5.21.1.x86_64",
"product_id": "python2-salt-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-salt-3000-lp151.5.21.1.x86_64",
"product": {
"name": "python3-salt-3000-lp151.5.21.1.x86_64",
"product_id": "python3-salt-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-3000-lp151.5.21.1.x86_64",
"product_id": "salt-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-api-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-api-3000-lp151.5.21.1.x86_64",
"product_id": "salt-api-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-cloud-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-cloud-3000-lp151.5.21.1.x86_64",
"product_id": "salt-cloud-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-doc-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-doc-3000-lp151.5.21.1.x86_64",
"product_id": "salt-doc-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-master-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-master-3000-lp151.5.21.1.x86_64",
"product_id": "salt-master-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-minion-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-minion-3000-lp151.5.21.1.x86_64",
"product_id": "salt-minion-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-proxy-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-proxy-3000-lp151.5.21.1.x86_64",
"product_id": "salt-proxy-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-ssh-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-ssh-3000-lp151.5.21.1.x86_64",
"product_id": "salt-ssh-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"product_id": "salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "salt-syndic-3000-lp151.5.21.1.x86_64",
"product": {
"name": "salt-syndic-3000-lp151.5.21.1.x86_64",
"product_id": "salt-syndic-3000-lp151.5.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-salt-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64"
},
"product_reference": "python2-salt-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-salt-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64"
},
"product_reference": "python3-salt-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-api-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-api-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-bash-completion-3000-lp151.5.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch"
},
"product_reference": "salt-bash-completion-3000-lp151.5.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-cloud-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-cloud-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-doc-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-doc-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-fish-completion-3000-lp151.5.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch"
},
"product_reference": "salt-fish-completion-3000-lp151.5.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-master-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-master-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-minion-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-minion-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-proxy-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-proxy-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-ssh-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-ssh-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-syndic-3000-lp151.5.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64"
},
"product_reference": "salt-syndic-3000-lp151.5.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-zsh-completion-3000-lp151.5.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
},
"product_reference": "salt-zsh-completion-3000-lp151.5.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15750"
}
],
"notes": [
{
"category": "general",
"text": "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15750",
"url": "https://www.suse.com/security/cve/CVE-2018-15750"
},
{
"category": "external",
"summary": "SUSE Bug 1113698 for CVE-2018-15750",
"url": "https://bugzilla.suse.com/1113698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-26T12:19:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-15750"
},
{
"cve": "CVE-2018-15751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15751"
}
],
"notes": [
{
"category": "general",
"text": "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15751",
"url": "https://www.suse.com/security/cve/CVE-2018-15751"
},
{
"category": "external",
"summary": "SUSE Bug 1113698 for CVE-2018-15751",
"url": "https://bugzilla.suse.com/1113698"
},
{
"category": "external",
"summary": "SUSE Bug 1113699 for CVE-2018-15751",
"url": "https://bugzilla.suse.com/1113699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-26T12:19:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-15751"
},
{
"cve": "CVE-2020-11651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11651"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11651",
"url": "https://www.suse.com/security/cve/CVE-2020-11651"
},
{
"category": "external",
"summary": "SUSE Bug 1170595 for CVE-2020-11651",
"url": "https://bugzilla.suse.com/1170595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-26T12:19:27Z",
"details": "critical"
}
],
"title": "CVE-2020-11651"
},
{
"cve": "CVE-2020-11652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11652"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11652",
"url": "https://www.suse.com/security/cve/CVE-2020-11652"
},
{
"category": "external",
"summary": "SUSE Bug 1170595 for CVE-2020-11652",
"url": "https://bugzilla.suse.com/1170595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:python2-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:python3-salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-api-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-bash-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-cloud-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-doc-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-fish-completion-3000-lp151.5.21.1.noarch",
"openSUSE Leap 15.1:salt-master-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-minion-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-proxy-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-ssh-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-standalone-formulas-configuration-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-syndic-3000-lp151.5.21.1.x86_64",
"openSUSE Leap 15.1:salt-zsh-completion-3000-lp151.5.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-26T12:19:27Z",
"details": "critical"
}
],
"title": "CVE-2020-11652"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.