CVE-2020-16846

Warnung

Exploit

EPSS 94.39%
Veröffentlicht 06.11.2020 08:15:13
Zuletzt bearbeitet 14.03.2025 17:28:24
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Saltstack ≫ Salt Version < 2015.8.10

Saltstack ≫ Salt Version >= 2015.8.11 < 2015.8.13

Saltstack ≫ Salt Version >= 2016.3.0 < 2016.3.4

Saltstack ≫ Salt Version >= 2016.3.5 < 2016.3.6

Saltstack ≫ Salt Version >= 2016.3.7 < 2016.3.8

Saltstack ≫ Salt Version >= 2016.11.0 < 2016.11.3

Saltstack ≫ Salt Version >= 2016.11.4 < 2016.11.6

Saltstack ≫ Salt Version >= 2016.11.7 < 2016.11.10

Saltstack ≫ Salt Version >= 2017.5.0 < 2017.7.4

Saltstack ≫ Salt Version >= 2017.7.5 < 2017.7.8

Saltstack ≫ Salt Version >= 2018.2.0 < 2018.3.5

Saltstack ≫ Salt Version >= 2019.2.0 < 2019.2.5

Saltstack ≫ Salt Version >= 3000.0 < 3000.3

Saltstack ≫ Salt Version3001

Saltstack ≫ Salt Version3002

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version31

Opensuse ≫ Leap Version15.1

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SaltStack Salt Shell Injection Vulnerability

Schwachstelle

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.39%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/saltstack/salt/releases

Release Notes

https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html

Third Party Advisory

Mailing List