GoogleOSV:GHSA-QR38-H96J-2J3WSaltStack Salt Command Injection in netapi ssh client
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
References
lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
github.com/saltstack/salt
github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12
github.com/saltstack/salt/releases
lists.debian.org/debian-lts-announce/2020/12/msg00007.html
lists.debian.org/debian-lts-announce/2022/01/msg00000.html
lists.fedoraproject.org/archives/list/[email protected]/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
nvd.nist.gov/vuln/detail/CVE-2020-16846
security.gentoo.org/glsa/202011-13
www.debian.org/security/2021/dsa-4837
www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
www.zerodayinitiative.com/advisories/ZDI-20-1379
www.zerodayinitiative.com/advisories/ZDI-20-1380
www.zerodayinitiative.com/advisories/ZDI-20-1381
www.zerodayinitiative.com/advisories/ZDI-20-1382
www.zerodayinitiative.com/advisories/ZDI-20-1383
Related
