logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-11652

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.


Affected Software


CPE Name Name Version
saltstack:salt saltstack salt 2019.2.4
saltstack:salt saltstack salt 3000.2
opensuse:leap opensuse leap 15.1
debian:debian_linux debian debian linux 8.0
debian:debian_linux debian debian linux 9.0
debian:debian_linux debian debian linux 10.0
canonical:ubuntu_linux canonical ubuntu linux 16.04
canonical:ubuntu_linux canonical ubuntu linux 18.04
blackberry:workspaces_server blackberry workspaces server 7.1.3
blackberry:workspaces_server blackberry workspaces server 8.2.6
blackberry:workspaces_server blackberry workspaces server 9.1.0
vmware:application_remote_collector vmware application remote collector 7.5.0
vmware:application_remote_collector vmware application remote collector 8.0.0

Related