CVE-2020-11652

Warning

Exploit

EPSS 94.27%
Published 30.04.2020 17:15:12
Last modified 03.04.2025 19:52:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Affected products Warnungen 1 Metrics 4 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Saltstack ≫ Salt Version < 2019.2.4

Saltstack ≫ Salt Version >= 3000 < 3000.2

Opensuse ≫ Leap Version15.1

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Blackberry ≫ Workspaces Server Version <= 7.1.3

Blackberry ≫ Workspaces Server Version >= 8.0.0 <= 8.2.6

Blackberry ≫ Workspaces Server Version9.1.0

VMware ≫ Application Remote Collector Version7.5.0

VMware ≫ Application Remote Collector Version8.0.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SaltStack Salt Path Traversal Vulnerability

Vulnerability

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.27%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4459-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4676

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

Third Party Advisory