Lucene search
K

14 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.6 views

SUSE CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

7.2CVSS9.4AI score0.86063EPSS
Exploits17References32
OSV
OSV
added 2022/05/24 5:16 p.m.32 views

GHSA-VP49-2G4R-M3X3 SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

7.1CVSS8.1AI score0.86063EPSS
Exploits17References16
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

SaltStack Salt Authentication Bypass Vulnerability

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/...

9.8CVSS9.1AI score0.96405EPSS
In wildExploits24
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

SaltStack Salt Path Traversal Vulnerability

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability...

6.5CVSS7.7AI score0.86063EPSS
In wildExploits17
BDU FSTEC
BDU FSTEC
added 2020/08/14 12:0 a.m.5 views

The vulnerability of the ClearFuncs component in the configuration management system and the remote execution of SaltStack operations allows a perpetrator to gain access to confidential data.

The vulnerability of the ClearFuncs component in the configuration management system and remote execution of SaltStack operations is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential...

6.8CVSS7.7AI score0.86063EPSS
Exploits17References8Affected Software3
RedhatCVE
RedhatCVE
added 2020/05/06 5:39 p.m.45 views

CVE-2020-11651

An authentication bypass vulnerability was found in Salt, where it is susceptible to arbitrary code execution when processing unauthenticated requests by the ClearFuncs class. This flaw allows an attacker to execute arbitrary code on Salt minions as root. Mitigation Red Hat has investigated wheth...

7.5CVSS9.8AI score0.96405EPSS
Exploits24References5
NVD
NVD
added 2020/04/30 5:15 p.m.24 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5CVSS8AI score0.86063EPSS
Exploits17References13
PyPA
PyPA
added 2020/04/30 5:15 p.m.9 views

PYSEC-2020-102

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

9.8CVSS7.3AI score0.96405EPSS
Exploits24References12Affected Software1
OSV
OSV
added 2020/04/30 5:15 p.m.2 views

UBUNTU-CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5CVSS7.2AI score0.86063EPSS
Exploits17References8
Prion
Prion
added 2020/04/30 5:15 p.m.33 views

Improper access control

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

4CVSS7.8AI score0.86063EPSS
Exploits17References12Affected Software6
OSV
OSV
added 2020/04/30 5:15 p.m.1 views

UBUNTU-CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

9.8CVSS7.5AI score0.96405EPSS
Exploits24References8
CVE
CVE
added 2020/04/30 5:0 p.m.1345 views

CVE-2020-11652

CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...

6.5CVSS7.8AI score0.86063EPSS
In wildExploits17References13Affected Software1
Cvelist
Cvelist
added 2020/04/30 5:0 p.m.30 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

8AI score0.86063EPSS
Exploits17References12
AlpineLinux
AlpineLinux
added 2020/04/30 5:0 p.m.63 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5CVSS8.2AI score0.86063EPSS
Exploits17
Rows per page
Query Builder