An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

OSVersionArchitecturePackageVersionFilename
Debian11allsalt< 3000.2+dfsg1-1salt_3000.2+dfsg1-1_all.deb
Debian10allsalt< 2018.3.4+dfsg1-6+deb10u1salt_2018.3.4+dfsg1-6+deb10u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	salt	< 3000.2+dfsg1-1	salt_3000.2+dfsg1-1_all.deb
Debian	10	all	salt	< 2018.3.4+dfsg1-6+deb10u1	salt_2018.3.4+dfsg1-6+deb10u1_all.deb

githubexploit 10

veracode 1

ubuntucve 1

prion 1

osv 6

nessus 20

cve 1

redhatcve 1

cisa_kev 1

github 1

alpinelinux 1

trendmicroblog 1

archlinux 1

cisco 1

debian 5

thn 3

attackerkb 4

cisa 1

threatpost 3

openvas 13

checkpoint_advisories 1

zdt 3

suse 4

vmware 1

packetstorm 2

huawei 1

metasploit 2

freebsd 1

photon 4

rapid7blog 1

exploitdb 1

ubuntu 1

githubexploit

Exploit for CVE-2020-11651

2021-10-01 14:33:29

Exploit for CVE-2020-11651

2020-05-04 20:34:04

Exploit for CVE-2020-11651

2020-05-07 04:41:25

veracode

Authentication Bypass

2020-05-04 05:37:27

ubuntucve

CVE-2020-11651

2020-04-30 00:00:00

prion

Authentication flaw

2020-04-30 17:15:00

osv

PYSEC-2020-102

2020-04-30 17:15:00

SaltStack Salt Unauthenticated Remote Code Execution

2022-05-24 17:16:59

CVE-2020-11651

2020-04-30 17:15:12

nessus

SaltStack < 2019.2.4 / 3000.x < 3000.2 Authentication Bypass (CVE-2020-11651)

2020-05-08 00:00:00

SaltStack < 2019.2.4 / 3000.x < 3000.2 Multiple Vulnerabilities

2020-05-07 00:00:00

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1150-1)

2020-04-30 00:00:00

cve

CVE-2020-11651

2020-04-30 17:15:00

redhatcve

CVE-2020-11651

2020-05-06 17:39:55

cisa_kev

SaltStack Salt Authentication Bypass Vulnerability

2021-11-03 00:00:00

github

SaltStack Salt Unauthenticated Remote Code Execution

2022-05-24 17:16:59

alpinelinux

CVE-2020-11651

2020-04-30 17:15:00

trendmicroblog

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers

2020-05-29 12:27:26

archlinux

[ASA-202005-1] salt: multiple issues

2020-05-05 00:00:00

cisco

SaltStack FrameWork Vulnerabilities Affecting Cisco Products

2020-05-28 16:00:00

debian

[SECURITY] [DLA 2223-1] salt security update

2020-05-30 04:21:15

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

thn

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

2020-05-04 04:00:00

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

2020-05-01 13:04:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

attackerkb

CVE-2020-11651

2020-04-30 00:00:00

CVE-2020-11652

2020-04-30 00:00:00

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

2020-11-06 00:00:00

cisa

SaltStack Patches Critical Vulnerabilities in Salt

2020-05-01 00:00:00

threatpost

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

2020-05-04 19:23:41

Salt Bugs Allow Full RCE as Root on Cloud Servers

2020-04-30 20:54:50

Hackers Compromise Cisco Servers Via SaltStack Flaws

2020-05-28 20:51:25

openvas

openSUSE: Security Advisory for salt (openSUSE-SU-2020:0564-1)

2020-05-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:1151-1)

2021-04-19 00:00:00

Debian: Security Advisory (DLA-2223-1)

2020-05-31 00:00:00

checkpoint_advisories

Saltstack Salt Authentication Bypass (CVE-2020-11651; CVE-2020-11652)

2020-05-05 00:00:00

zdt

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

2020-05-12 00:00:00

Saltstack 3000.1 - Remote Code Execution Exploit

2020-05-04 00:00:00

Saltstack 3000.1 Remote Code Execution Exploit

2020-05-07 00:00:00

suse

Security update for salt (critical)

2020-04-30 00:00:00

Security update for salt (moderate)

2020-07-26 00:00:00

Security update for salt (critical)

2021-06-23 00:00:00

vmware

vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)

2020-05-08 00:00:00

packetstorm

Saltstack 3000.1 Remote Code Execution

2020-05-05 00:00:00

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

2020-05-12 00:00:00

huawei

Security Advisory - Two Vulnerabilities in SaltStack Salt

2020-07-15 00:00:00

metasploit

SaltStack Salt Master/Minion Unauthenticated RCE

2020-05-11 17:05:38

SaltStack Salt Master Server Root Key Disclosure

2020-05-11 17:05:38

freebsd

salt -- multiple vulnerabilities in salt-master process

2020-04-30 00:00:00

photon

Critical Photon OS Security Update - PHSA-2020-0091

2020-05-15 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0091

2020-05-15 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0294

2020-05-14 00:00:00

rapid7blog

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

2020-11-10 14:22:33

exploitdb

Saltstack 3000.1 - Remote Code Execution

2020-05-05 00:00:00

ubuntu

Salt vulnerabilities

2020-08-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

JSON

Related for DEBIANCVE:CVE-2020-11651