SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

osv 7

cvelist 1

prion 1

ubuntucve 1

veracode 1

debiancve 1

alpinelinux 1

nvd 1

github 1

redhatcve 1

cve 1

nessus 20

thn 2

githubexploit 8

metasploit 2

zdt 3

debian 5

openvas 14

freebsd 1

ubuntu 2

trendmicroblog 1

archlinux 1

cisco 1

suse 4

vmware 1

checkpoint_advisories 1

packetstorm 3

huawei 1

attackerkb 2

exploitdb 1

threatpost 3

cisa 1

photon 4

osv

SaltStack Salt is vulnerable Arbitrary Directory Access

2022-05-24 17:16:58

CVE-2020-11652

2020-04-30 17:15:12

PYSEC-2020-103

2020-04-30 17:15:00

cvelist

CVE-2020-11652

2020-04-30 17:00:03

prion

Improper access control

2020-04-30 17:15:00

ubuntucve

CVE-2020-11652

2020-04-30 00:00:00

veracode

Arbitrary Directory Access

2020-05-04 04:38:10

debiancve

CVE-2020-11652

2020-04-30 17:15:12

alpinelinux

CVE-2020-11652

2020-04-30 17:15:12

nvd

CVE-2020-11652

2020-04-30 17:15:12

github

SaltStack Salt is vulnerable Arbitrary Directory Access

2022-05-24 17:16:58

redhatcve

CVE-2020-11652

2020-05-06 17:40:11

cve

CVE-2020-11652

2020-04-30 17:15:12

nessus

Photon OS 1.0: Salt PHSA-2020-1.0-0294

2020-05-18 00:00:00

SUSE SLES15 Security Update : salt (SUSE-SU-2020:1151-1)

2020-04-30 00:00:00

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1150-1)

2020-04-30 00:00:00

thn

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

2020-05-01 13:04:00

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

2020-05-04 04:00:00

githubexploit

Exploit for Missing Authentication for Critical Function in Saltstack Salt

2020-05-01 03:23:01

Exploit for Missing Authentication for Critical Function in Saltstack Salt

2020-05-04 11:52:28

Exploit for Missing Authentication for Critical Function in Saltstack Salt

2020-05-01 20:53:49

metasploit

SaltStack Salt Master/Minion Unauthenticated RCE

2020-05-11 17:05:38

SaltStack Salt Master Server Root Key Disclosure

2020-05-11 17:05:38

zdt

Saltstack 3000.1 Remote Code Execution Exploit

2020-05-07 00:00:00

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

2020-05-12 00:00:00

Saltstack 3000.1 - Remote Code Execution Exploit

2020-05-04 00:00:00

debian

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

[SECURITY] [DLA 2223-1] salt security update

2020-05-30 04:21:15

[SECURITY] [DSA 4676-2] salt security update

2020-05-07 20:16:07

openvas

SUSE: Security Advisory (SUSE-SU-2020:1150-1)

2021-06-09 00:00:00

Debian: Security Advisory (DLA-2223-1)

2020-05-31 00:00:00

Ubuntu: Security Advisory (USN-6849-1)

2024-06-26 00:00:00

freebsd

salt -- multiple vulnerabilities in salt-master process

2020-04-30 00:00:00

ubuntu

Salt vulnerabilities

2024-06-25 00:00:00

Salt vulnerabilities

2020-08-13 00:00:00

trendmicroblog

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers

2020-05-29 12:27:26

archlinux

[ASA-202005-1] salt: multiple issues

2020-05-05 00:00:00

cisco

SaltStack FrameWork Vulnerabilities Affecting Cisco Products

2020-05-28 16:00:00

suse

Security update for salt (critical)

2020-04-30 00:00:00

Security update for salt (moderate)

2020-07-26 00:00:00

Security update for salt (critical)

2021-07-11 00:00:00

vmware

vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)

2020-05-08 00:00:00

checkpoint_advisories

Saltstack Salt Authentication Bypass (CVE-2020-11651; CVE-2020-11652)

2020-05-05 00:00:00

packetstorm

SaltStack Salt Master Server Root Key Disclosure

2024-08-31 00:00:00

Saltstack 3000.1 Remote Code Execution

2020-05-05 00:00:00

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

2020-05-12 00:00:00

huawei

Security Advisory - Two Vulnerabilities in SaltStack Salt

2020-07-15 00:00:00

attackerkb

CVE-2020-11652

2020-04-30 00:00:00

CVE-2020-11651

2020-04-30 00:00:00

exploitdb

Saltstack 3000.1 - Remote Code Execution

2020-05-05 00:00:00

threatpost

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

2020-05-04 19:23:41

Salt Bugs Allow Full RCE as Root on Cloud Servers

2020-04-30 20:54:50

Hackers Compromise Cisco Servers Via SaltStack Flaws

2020-05-28 20:51:25

cisa

SaltStack Patches Critical Vulnerabilities in Salt

2020-05-01 00:00:00

photon

Critical Photon OS Security Update - PHSA-2020-0091

2020-05-15 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0091

2020-05-15 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0294

2020-05-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.972

Percentile

99.8%

JSON

Related for CISA-KEV-CVE-2020-11652