PT-2020-5856 · Saltstack+3 · Saltstack Salt+3

Published

2016-11-21

·

Updated

2024-08-08

·

CVE-2020-25592

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002
Description: The issue is related to the improper validation of eauth credentials and tokens by the salt-netapi component in SaltStack Salt. This allows a user to bypass authentication and invoke Salt SSH, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.
Recommendations: For SaltStack Salt versions through 3002, update to a version that properly validates eauth credentials and tokens to prevent authentication bypass and invocation of Salt SSH. As a temporary workaround, consider restricting access to the salt-netapi component until a patch is available. Avoid using the salt-netapi component for sensitive operations until the issue is resolved.

Exploit

Fix

RCE

Improper Authentication

Weakness Enumeration

CWE-20CWE-287

Related Identifiers

ALT-PU-2016-2317
ALT-PU-2017-2801
ALT-PU-2018-2416
ALT-PU-2019-2322
ALT-PU-2019-2359
ALT-PU-2020-2668
ALT-PU-2020-2697
ALT-PU-2021-1591
ALT-PU-2021-1982
ALT-PU-2022-3218
BDU:2021-01900
CVE-2020-25592
DLA-2480-1
DSA-4837-1
GHSA-29J3-2446-5J4W
OPENSUSE-SU-2020:1833-1
OPENSUSE-SU-2020:1868-1
OPENSUSE-SU-2020_1833-1
OPENSUSE-SU-2020_1868-1
OPENSUSE-SU-2021:0899-1
OPENSUSE-SU-2021:2106-1
OPENSUSE-SU-2021_0899-1
OPENSUSE-SU-2021_2106-1
OPENSUSE-SU-2024:11364-1
PYSEC-2020-106
SUSE-SU-2020:14538-1
SUSE-SU-2020:3155-1
SUSE-SU-2020:3171-1
SUSE-SU-2020:3235-1
SUSE-SU-2020:3243-1
SUSE-SU-2020:3244-1
SUSE-SU-2020:3245-1
SUSE-SU-2020:3250-1
SUSE-SU-2020:3251-1
SUSE-SU-2020_14570-1
SUSE-SU-2021:2105-1
SUSE-SU-2021:2106-1
USN-6948-1

Affected Products

Alt Linux
Saltstack Salt
Suse
Ubuntu