2 matches found
CVE-2020-11651
SaltStack Salt (CVE-2020-11651) vulnerable in Salt before 2019.2.4 and 3000 before 3000.2: the salt-master ClearFuncs class does not properly validate method calls, enabling a remote, unauthenticated user to access certain methods, retrieve user tokens from the salt-master, and potentially run ar...
CVE-2020-11652
CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...