Attacker Value: Very High

CVE-2020-11651

Disclosure Date: April 30, 2020 (last updated November 27, 2024)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Attacker Value: Very High

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

Disclosure Date: November 06, 2020 (last updated November 08, 2023)
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Attacker Value: Very High

CVE-2020-16846 — SaltStack Unauthenticated Shell Injection

Disclosure Date: November 06, 2020 (last updated July 27, 2024)
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.