An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

veracode 1

checkpoint_advisories 1

zdi 5

osv 5

cve 1

debiancve 1

prion 1

redhatcve 1

githubexploit 1

metasploit 1

cisa_kev 1

alpinelinux 1

nessus 15

nuclei 1

ubuntucve 1

github 1

packetstorm 1

zdt 1

suse 2

attackerkb 2

openvas 11

debian 4

rapid7blog 2

gentoo 1

archlinux 1

freebsd 1

veracode

Shell Injection

2020-11-10 05:27:00

checkpoint_advisories

SaltStack Salt API SSH Client Command Injection (CVE-2020-16846)

2021-11-16 00:00:00

zdi

SaltStack Salt rest_cherrypy ssh_priv Command Injection Remote Code Execution Vulnerability

2020-11-24 00:00:00

SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability

2020-11-24 00:00:00

SaltStack Salt rest_cherrypy ssh_options Command Injection Remote Code Execution Vulnerability

2020-11-24 00:00:00

osv

SaltStack Salt Command Injection in netapi ssh client

2022-05-24 17:33:18

CVE-2020-16846

2020-11-06 08:15:13

PYSEC-2020-104

2020-11-06 08:15:00

cve

CVE-2020-16846

2020-11-06 08:15:00

debiancve

CVE-2020-16846

2020-11-06 08:15:00

prion

Design/Logic Flaw

2020-11-06 08:15:00

redhatcve

CVE-2020-16846

2020-11-06 17:29:13

githubexploit

Exploit for OS Command Injection in Saltstack Salt

2021-10-14 10:09:48

metasploit

SaltStack Salt REST API Arbitrary Command Execution

2020-11-11 19:09:26

cisa_kev

SaltStack Salt Shell Injection Vulnerability

2021-11-03 00:00:00

alpinelinux

CVE-2020-16846

2020-11-06 08:15:00

nessus

SaltStack Unauthenticated RCE (direct check)

2021-02-15 00:00:00

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:3243-1)

2020-12-09 00:00:00

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:3155-1)

2020-12-09 00:00:00

nuclei

SaltStack <=3002 - Shell Injection

2020-11-18 17:21:07

ubuntucve

CVE-2020-16846

2020-11-06 00:00:00

github

SaltStack Salt Command Injection in netapi ssh client

2022-05-24 17:33:18

packetstorm

SaltStack Salt REST API Arbitrary Command Execution

2020-11-12 00:00:00

zdt

SaltStack Salt REST API Arbitrary Command Execution Exploit

2020-11-12 00:00:00

suse

Security update for salt (critical)

2020-11-05 00:00:00

Security update for salt (critical)

2020-11-07 00:00:00

attackerkb

CVE-2020-16846 — SaltStack Unauthenticated Shell Injection

2020-11-06 00:00:00

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

2020-11-06 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2020:3243-1)

2021-06-09 00:00:00

Debian: Security Advisory (DSA-4837-1)

2021-01-25 00:00:00

openSUSE: Security Advisory for salt (openSUSE-SU-2020:1833-1)

2020-11-06 00:00:00

debian

[SECURITY] [DLA 2480-1] salt security update

2020-12-04 17:34:18

[SECURITY] [DSA 4837-1] salt security update

2021-01-24 15:29:56

[SECURITY] [DSA 4837-1] salt security update

2021-01-24 15:29:40

rapid7blog

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

2020-11-10 14:22:33

Metasploit Wrap-Up

2020-11-13 19:08:01

gentoo

Salt: Multiple vulnerabilities

2020-11-11 00:00:00

archlinux

[ASA-202011-7] salt: multiple issues

2020-11-10 00:00:00

freebsd

salt -- multiple vulnerabilities

2020-11-06 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

Low

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CVELIST:CVE-2020-16846