CVE-2020-11652

CVE-2020-11652

Name

CVE-2020-11652

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
Third Party Advisory	https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
Third Party Advisory	http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
Third Party Advisory	https://www.debian.org/security/2020/dsa-4676
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2020-0009.html
MISC	http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
MLIST	https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
MISC	http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
UBUNTU	https://usn.ubuntu.com/4459-1/
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652

Type

URI

Vendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

Third Party Advisory

https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

Third Party Advisory

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

Third Party Advisory

https://www.debian.org/security/2020/dsa-4676

CONFIRM

http://www.vmware.com/security/advisories/VMSA-2020-0009.html

MISC

http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html

CISCO

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

MLIST

https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html

MISC

http://support.blackberry.com/kb/articleDetail?articleNumber=000063758

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

UBUNTU

https://usn.ubuntu.com/4459-1/

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:saltstack:salt::::::::`	salt	>= None	< 2019.2.4
`cpe:2.3:a:saltstack:salt::::::::`	salt	>= 3000	< 3000.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*

salt

>= None

< 2019.2.4

cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*

salt

>= 3000

< 3000.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
salt	edge-community	3000.2-r0	None	fixed
salt	edge-community	2019.2.3-r0	None	possibly vulnerable
salt	3.22-community	3000.2-r0	None	fixed
salt	3.22-community	2019.2.3-r0	None	possibly vulnerable
salt	3.21-community	3000.2-r0	None	fixed
salt	3.20-community	3000.2-r0	None	fixed
salt	3.19-community	3000.2-r0	None	fixed
salt	3.18-community	3000.2-r0	None	fixed
salt	3.17-community	3000.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

salt

edge-community

3000.2-r0

None

fixed

salt

edge-community