Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2020-28243

🗓️ 27 Feb 2021 05:13:15Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov📰️ 19 Media mentions👁 245 Views🌐 WEB

An issue in SaltStack Salt before 3002.5 allows local privilege escalation via crafted process name

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
CNVD		SaltStack Salt Command Injection Vulnerability (CNVD-2021-15056)
1 Mar 202100:00
cnvd
Veracode		OS Command Injection
1 Mar 202106:07
veracode
Prion		Command injection
27 Feb 202105:15
prion
Github Security Blog		SaltStack Salt command injection via a crafted process name
24 May 202217:43
github
Debian CVE		CVE-2020-28243
27 Feb 202105:15
debiancve
OSV		GHSA-PHHW-3WC9-8Q75 SaltStack Salt command injection via a crafted process name
24 May 202217:43
osv
OSV		CVE-2020-28243
27 Feb 202105:15
osv
OSV		UBUNTU-CVE-2020-28243
27 Feb 202105:15
osv
OSV		PYSEC-2021-73
27 Feb 202105:15
osv
OSV		SUSE-SU-2021:0626-1 Security update for py26-compat-salt
26 Feb 202110:11
osv
Rows per page
Nvd
Node
saltstacksaltRange<2015.8.10
OR
saltstacksaltRange2015.8.112015.8.13
OR
saltstacksaltRange2016.3.02016.3.4
OR
saltstacksaltRange2016.3.52016.3.6
OR
saltstacksaltRange2016.3.72016.3.8
OR
saltstacksaltRange2016.3.92016.11.3
OR
saltstacksaltRange2016.11.42016.11.5
OR
saltstacksaltRange2016.11.72016.11.10
OR
saltstacksaltRange2017.5.02017.7.8
OR
saltstacksaltRange2018.2.02018.3.5
OR
saltstacksaltRange2019.2.02019.2.5
OR
saltstacksaltRange2019.2.62019.2.8
OR
saltstacksaltRange30003000.6
OR
saltstacksaltRange30013001.4
OR
saltstacksaltRange30023002.5
Node
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
SourceLink
listswww.lists.debian.org/debian-lts-announce/2021/11/msg00009.html
securitywww.security.gentoo.org/glsa/202103-01
securitywww.security.gentoo.org/glsa/202310-22
secwww.sec.stealthcopter.com/cve-2020-28243/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
githubwww.github.com/stealthcopter/CVE-2020-28243
debianwww.debian.org/security/2021/dsa-5011
saltprojectwww.saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
Rows per page
ParameterPositionPathDescriptionCWE
process namepathrestartcheck.restartcheckCommand injection vulnerability allowing privilege escalation via crafted process names.CWE-77
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Feb 2021 05:15Current
8.5High risk
Vulners AI Score8.5
CVSS24.4
CVSS37.8
EPSS0.0188
CWE-77
saltstacksaltcve-2020-28243vulnerabilitylocal privilege escalationcommand injection
245
.json
Report