PT-2021-5492 · Saltstack+3 · Saltstack Salt+3

Stealthcopter

·

Published

2016-11-21

·

Updated

2024-08-08

·

CVE-2020-28243

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SaltStack Salt versions prior to 3002.5
Description An issue was discovered in SaltStack Salt where the minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.
Recommendations For SaltStack Salt versions prior to 3002.5, update to version 3002.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the minion's restartcheck functionality to minimize the risk of exploitation. Additionally, restrict file creation capabilities in non-blacklisted directories to limit the potential for command injection attacks.

Exploit

Fix

LPE

OS Command Injection

Command Injection

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

ALT-PU-2016-2317
ALT-PU-2017-1436
ALT-PU-2017-2801
ALT-PU-2018-2416
ALT-PU-2019-2322
ALT-PU-2019-2359
ALT-PU-2020-1935
ALT-PU-2020-1949
ALT-PU-2020-2668
ALT-PU-2020-2697
ALT-PU-2021-1590
ALT-PU-2021-1591
ALT-PU-2021-1982
ALT-PU-2021-2076
ALT-PU-2022-1683
ALT-PU-2022-3177
ALT-PU-2022-3214
ALT-PU-2022-3218
BDU:2021-06341
CVE-2020-28243
DLA-2480-2
DLA-2815-1
DSA-5011-1
GHSA-PHHW-3WC9-8Q75
OPENSUSE-SU-2021:0347-1
OPENSUSE-SU-2021_0347-1
OPENSUSE-SU-2024:11364-1
PYSEC-2021-73
SUSE-RU-2021:0632-1
SUSE-RU-2021:0633-1
SUSE-SU-2021:0624-1
SUSE-SU-2021:0626-1
SUSE-SU-2021:0627-1
SUSE-SU-2021:0628-1
SUSE-SU-2021:0630-1
SUSE-SU-2021:0631-1
SUSE-SU-2021:0914-1
SUSE-SU-2021:0915-1
SUSE-SU-2021:14650-1
SUSE-SU-2021:1690-1
SUSE-SU-2021_14650-1
SUSE-SU-2021_14682-1
USN-6948-1

Affected Products

Alt Linux
Saltstack Salt
Suse
Ubuntu