CVE-2020-11652
high-risk
Published 2020-04-30
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Do I need to act?
94.3% chance of exploitation in next 30 days (EPSS score, higher than 6% of all CVEs)
CISA KEV: actively exploited in the wild. On the Known Exploited Vulnerabilities catalog; federal agencies must patch.
1 public exploit available
Patch status unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 6.5/10 (Medium); attack vector: NETWORK, LOW attack complexity
Affected Products (11)
References (25)
Third Party Advisory: http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Executi...
Third Party Advisory: http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
Third Party Advisory: http://www.vmware.com/security/advisories/VMSA-2020-0009.html
Third Party Advisory: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.r...
Third Party Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...
Third Party Advisory: https://usn.ubuntu.com/4459-1/
Third Party Advisory: https://www.debian.org/security/2020/dsa-4676
and 5 more references
Risk score: 67/100 (high-risk)
Severity: 24/34, High
Exploitability: 27/34, High
Exposure: 16/34, Moderate