Lucene search

CVE-2020-16846

🗓️ 06 Nov 2020 08:13:15Reported by [email protected]Type

An issue discovered in SaltStack Salt through 3002 enabling shell injection via crafted web requests to the AP

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 74
OSV	CVE-2020-16846	6 Nov 202008:15	–	osv
OSV	SaltStack Salt Command Injection in netapi ssh client	24 May 202217:33	–	osv
OSV	USN-7181-1 salt vulnerability	6 Jan 202513:09	–	osv
OSV	PYSEC-2020-104	6 Nov 202008:15	–	osv
OSV	salt - security update	24 Jan 202100:00	–	osv
OSV	salt - security update	4 Dec 202000:00	–	osv
OSV	USN-6948-1 salt vulnerabilities	8 Aug 202419:21	–	osv
Prion	Design/Logic Flaw	6 Nov 202008:15	–	prion
Zero Day Initiative	SaltStack Salt rest_cherrypy ssh_options Command Injection Remote Code Execution Vulnerability	24 Nov 202000:00	–	zdi
Zero Day Initiative	SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability	24 Nov 202000:00	–	zdi

Nvd

Node

saltstack saltRange<2015.8.10

saltstack saltRange2015.8.11–2015.8.13

saltstack saltRange2016.3.0–2016.3.4

saltstack saltRange2016.3.5–2016.3.6

saltstack saltRange2016.3.7–2016.3.8

saltstack saltRange2016.11.0–2016.11.3

saltstack saltRange2016.11.4–2016.11.6

saltstack saltRange2016.11.7–2016.11.10

saltstack saltRange2017.5.0–2017.7.4

saltstack saltRange2017.7.5–2017.7.8

saltstack saltRange2018.2.0–2018.3.5

saltstack saltRange2019.2.0–2019.2.5

saltstack saltRange3000.0–3000.3

saltstack saltMatch3001

saltstack saltMatch3002

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

fedoraproject fedoraMatch31

Node

opensuse leapMatch15.1

Source	Link
debian	www.debian.org/security/2021/dsa-4837
packetstormsecurity	www.packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
github	www.github.com/saltstack/salt/releases
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
lists	www.lists.debian.org/debian-lts-announce/2022/01/msg00000.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-20-1379/
lists	www.lists.debian.org/debian-lts-announce/2020/12/msg00007.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-20-1381/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-20-1382/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Nov 2020 08:15Current

9.6High risk

Vulners AI Score9.6

CVSS27.5

CVSS39.8

EPSS0.94387

CWE-78