CVE-2020-28243

2021-02-27T00:00:00
ID UB:CVE-2020-28243
Type ubuntucve
Reporter ubuntu.com
Modified 2021-02-27T00:00:00

Description

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

Bugs

  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983632>