PT-2020-5859 · Saltstack · Saltstack Salt
Published: 2016-11-21 · Updated: 2025-07-30
CVE: CVE-2020-16846
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SaltStack Salt versions through 3002
Description:
The vulnerability stems from improper neutralization of special elements in the Salt configuration management and remote execution system. Exploitation allows a remote attacker to read confidential data, modify it, and cause a denial of service. The vulnerability can be exploited by sending crafted web requests to the Salt API when the SSH client is enabled, resulting in shell injection.
Recommendations:
For versions through 3002, update to a release that contains the fix for this issue, which closes the shell injection and command injection vulnerabilities.
As a temporary workaround, consider disabling the SSH client in the Salt API until a patch is available.
Restrict access to the Salt API to minimize the risk of exploitation.
Weakness Enumeration: OS Command Injection
Affected Products
Alt Linux
Saltstack Salt
Suse
Ubuntu