An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html

www.vmware.com/security/advisories/VMSA-2020-0009.html

docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst

lists.debian.org/debian-lts-announce/2020/05/msg00027.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

usn.ubuntu.com/4459-1/

www.debian.org/security/2020/dsa-4676

githubexploit 10

veracode 1

debiancve 1

ubuntucve 1

cisa_kev 1

redhatcve 1

cve 1

github 1

nvd 1

osv 7

prion 1

nessus 21

alpinelinux 1

trendmicroblog 1

debian 5

archlinux 1

cisco 1

suse 4

zdt 3

checkpoint_advisories 1

vmware 1

packetstorm 2

openvas 14

attackerkb 4

huawei 1

thn 3

threatpost 3

cisa 1

freebsd 1

metasploit 2

ubuntu 2

rapid7blog 1

photon 4

exploitdb 1

githubexploit

Exploit for CVE-2020-11651

2021-10-01 14:33:29

Exploit for CVE-2020-11651

2020-05-04 20:34:04

Exploit for CVE-2020-11651

2020-05-07 04:41:25

veracode

Authentication Bypass

2020-05-04 05:37:27

debiancve

CVE-2020-11651

2020-04-30 17:15:12

ubuntucve

CVE-2020-11651

2020-04-30 00:00:00

cisa_kev

SaltStack Salt Authentication Bypass Vulnerability

2021-11-03 00:00:00

redhatcve

CVE-2020-11651

2020-05-06 17:39:55

cve

CVE-2020-11651

2020-04-30 17:15:12

github

SaltStack Salt Unauthenticated Remote Code Execution

2022-05-24 17:16:59

nvd

CVE-2020-11651

2020-04-30 17:15:12

osv

SaltStack Salt Unauthenticated Remote Code Execution

2022-05-24 17:16:59

PYSEC-2020-102

2020-04-30 17:15:00

CVE-2020-11651

2020-04-30 17:15:12

prion

Authentication flaw

2020-04-30 17:15:00

nessus

SaltStack < 2019.2.4 / 3000.x < 3000.2 Authentication Bypass (CVE-2020-11651)

2020-05-08 00:00:00

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1150-1)

2020-04-30 00:00:00

SaltStack < 2019.2.4 / 3000.x < 3000.2 Multiple Vulnerabilities

2020-05-07 00:00:00

alpinelinux

CVE-2020-11651

2020-04-30 17:15:12

trendmicroblog

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers

2020-05-29 12:27:26

debian

[SECURITY] [DLA 2223-1] salt security update

2020-05-30 04:21:15

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

archlinux

[ASA-202005-1] salt: multiple issues

2020-05-05 00:00:00

cisco

SaltStack FrameWork Vulnerabilities Affecting Cisco Products

2020-05-28 16:00:00

suse

Security update for salt (critical)

2020-04-30 00:00:00

Security update for salt (moderate)

2020-07-26 00:00:00

Security update for salt (critical)

2021-07-11 00:00:00

zdt

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

2020-05-12 00:00:00

Saltstack 3000.1 - Remote Code Execution Exploit

2020-05-04 00:00:00

Saltstack 3000.1 Remote Code Execution Exploit

2020-05-07 00:00:00

checkpoint_advisories

Saltstack Salt Authentication Bypass (CVE-2020-11651; CVE-2020-11652)

2020-05-05 00:00:00

vmware

vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)

2020-05-08 00:00:00

packetstorm

Saltstack 3000.1 Remote Code Execution

2020-05-05 00:00:00

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

2020-05-12 00:00:00

openvas

Debian: Security Advisory (DLA-2223-1)

2020-05-31 00:00:00

Ubuntu: Security Advisory (USN-6849-1)

2024-06-26 00:00:00

openSUSE: Security Advisory for salt (openSUSE-SU-2020:0564-1)

2020-05-01 00:00:00

attackerkb

CVE-2020-11652

2020-04-30 00:00:00

CVE-2020-11651

2020-04-30 00:00:00

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

2020-11-06 00:00:00

huawei

Security Advisory - Two Vulnerabilities in SaltStack Salt

2020-07-15 00:00:00

thn

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

2020-05-04 04:00:00

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

2020-05-01 13:04:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

threatpost

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

2020-05-04 19:23:41

Salt Bugs Allow Full RCE as Root on Cloud Servers

2020-04-30 20:54:50

Hackers Compromise Cisco Servers Via SaltStack Flaws

2020-05-28 20:51:25

cisa

SaltStack Patches Critical Vulnerabilities in Salt

2020-05-01 00:00:00

freebsd

salt -- multiple vulnerabilities in salt-master process

2020-04-30 00:00:00

metasploit

SaltStack Salt Master/Minion Unauthenticated RCE

2020-05-11 17:05:38

SaltStack Salt Master Server Root Key Disclosure

2020-05-11 17:05:38

ubuntu

Salt vulnerabilities

2024-06-25 00:00:00

Salt vulnerabilities

2020-08-13 00:00:00

rapid7blog

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

2020-11-10 14:22:33

photon

Critical Photon OS Security Update - PHSA-2020-0091

2020-05-15 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0091

2020-05-15 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0294

2020-05-14 00:00:00

exploitdb

Saltstack 3000.1 - Remote Code Execution

2020-05-05 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.7 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CVELIST:CVE-2020-11651