Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Very High

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

Disclosure Date: November 06, 2020 (last updated February 22, 2025)
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Very High

CVE-2020-16846 — SaltStack Unauthenticated Shell Injection

Disclosure Date: November 06, 2020 (last updated February 22, 2025)
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
2
Attacker Value
Unknown

CVE-2020-17490

Disclosure Date: November 06, 2020 (last updated February 22, 2025)
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0