CVE-2020-16846

Warning

Exploit

EPSS 94.39%
Published 06.11.2020 08:15:13
Last modified 14.03.2025 17:28:24
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Affected products Warnungen 1 Metrics 4 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Saltstack ≫ Salt Version < 2015.8.10

Saltstack ≫ Salt Version >= 2015.8.11 < 2015.8.13

Saltstack ≫ Salt Version >= 2016.3.0 < 2016.3.4

Saltstack ≫ Salt Version >= 2016.3.5 < 2016.3.6

Saltstack ≫ Salt Version >= 2016.3.7 < 2016.3.8

Saltstack ≫ Salt Version >= 2016.11.0 < 2016.11.3

Saltstack ≫ Salt Version >= 2016.11.4 < 2016.11.6

Saltstack ≫ Salt Version >= 2016.11.7 < 2016.11.10

Saltstack ≫ Salt Version >= 2017.5.0 < 2017.7.4

Saltstack ≫ Salt Version >= 2017.7.5 < 2017.7.8

Saltstack ≫ Salt Version >= 2018.2.0 < 2018.3.5

Saltstack ≫ Salt Version >= 2019.2.0 < 2019.2.5

Saltstack ≫ Salt Version >= 3000.0 < 3000.3

Saltstack ≫ Salt Version3001

Saltstack ≫ Salt Version3002

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version31

Opensuse ≫ Leap Version15.1

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SaltStack Salt Shell Injection Vulnerability

Vulnerability

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.39%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/saltstack/salt/releases

Release Notes

https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html

Third Party Advisory

Mailing List