Search Results | AttackerKB

Show filters

Topics 2 Users 9,710

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Very High

CVE-2020-11651

Disclosure Date: April 30, 2020 (last updated February 21, 2025)

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Attack Vector: Network Privileges: None User Interaction: None

6

Attacker Value

Unknown

CVE-2020-11652

Disclosure Date: April 30, 2020 (last updated February 21, 2025)

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Attack Vector: Network Privileges: Low User Interaction: None

0