CVE-2020-11651

critical-risk
Published 2020-04-30

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Do I need to act?

!
94.4% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
48421
+
Fix available
Upgrade to: 72df4dd40305bde8838567e568e324e3715930d5, d234429aba719e139cac45db0104bf6c53cfd4ea
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (9)

Affected Vendors

Debian Vmware Canonical Opensuse Saltstack

References (23)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
Exploit http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Executi...
Exploit http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthe...
Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2020-0009.html
Vendor Advisory https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
Third Party Advisory https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.r...
Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...
Third Party Advisory https://usn.ubuntu.com/4459-1/
Third Party Advisory https://www.debian.org/security/2020/dsa-4676
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
Exploit http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Executi...
Exploit http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthe...
Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2020-0009.html
Vendor Advisory https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
Third Party Advisory https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.r...
Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...
and 3 more references
74
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 15/34 · Moderate