PT-2020-3607 · Saltstack+3 · Saltstack Salt+3
Published
2016-11-21
·
Updated
2024-06-25
·
CVE-2020-11652
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A |
Name of the Vulnerable Software and Affected Versions
SaltStack Salt versions prior to 2019.2.4
SaltStack Salt versions 3000 prior to 3000.2
Description
An issue was discovered in SaltStack Salt where the salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths, enabling arbitrary directory access to authenticated users. This is related to a lack of input validation mechanism in the ClearFuncs component of the SaltStack configuration management and remote execution system. Exploitation of this issue may allow a remote attacker to access confidential data.
Recommendations
For SaltStack Salt versions prior to 2019.2.4, update to version 2019.2.4 or later.
For SaltStack Salt versions 3000 prior to 3000.2, update to version 3000.2 or later.
As a temporary workaround, consider restricting access to the ClearFuncs class methods until a patch is available.
Exploit
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Saltstack Salt
Suse
Ubuntu