PT-2021-7507 · Saltstack+3 · Saltstack Salt+3

Published

2016-11-21

·

Updated

2024-10-15

·

CVE-2020-35662

CVSS v3.1

7.4

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions SaltStack Salt versions prior to 3002.5
Description The issue is related to errors in the SSL certificate validation procedure during authentication to services using certain modules. This can allow a remote attacker to perform a man-in-the-middle attack.
Recommendations For versions prior to 3002.5, update to version 3002.5 or later to resolve the issue.

Fix

Improper Certificate Validation

Weakness Enumeration

CWE-295

Related Identifiers

ALT-PU-2016-2317
ALT-PU-2017-2801
ALT-PU-2018-2416
ALT-PU-2019-2322
ALT-PU-2019-2359
ALT-PU-2021-1590
ALT-PU-2021-1591
ALT-PU-2021-1982
ALT-PU-2022-3218
BDU:2022-07041
CVE-2020-35662
DLA-2815-1
DSA-5011-1
GHSA-QX72-Q6W3-QGC7
OPENSUSE-SU-2021:0347-1
OPENSUSE-SU-2021_0347-1
PYSEC-2021-75
SUSE-RU-2021:0632-1
SUSE-RU-2021:0633-1
SUSE-SU-2021:0624-1
SUSE-SU-2021:0626-1
SUSE-SU-2021:0627-1
SUSE-SU-2021:0628-1
SUSE-SU-2021:0630-1
SUSE-SU-2021:0631-1
SUSE-SU-2021:0914-1
SUSE-SU-2021:0915-1
SUSE-SU-2021:14650-1
SUSE-SU-2021:1690-1
SUSE-SU-2021_14650-1
SUSE-SU-2021_14682-1
USN-6948-1

Affected Products

Alt Linux
Saltstack Salt
Suse
Ubuntu