Lucene search
AnonymousZDI-20-1379HistoryNov 24, 2020 - 12:00 a.m.
SaltStack Salt rest_cherrypy ssh_priv Command Injection Remote Code Execution Vulnerability
2020-11-2400:00:00
Anonymous
www.zerodayinitiative.com
78
0.973 High
EPSS
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_priv parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the salt-api process.
Related
zdi
zdi
redhatcve
redhatcve
CVE-2020-16846
2020-11-06 17:29:13
prion
prion
Design/Logic Flaw
2020-11-06 08:15:00
osv
osv
CVE-2020-16846
2020-11-06 08:15:13
SaltStack Salt Command Injection in netapi ssh client
2022-05-24 17:33:18
PYSEC-2020-104
2020-11-06 08:15:00
veracode
veracode
Shell Injection
2020-11-10 05:27:00
nvd
nvd
CVE-2020-16846
2020-11-06 08:15:13
checkpoint_advisories
checkpoint_advisories
SaltStack Salt API SSH Client Command Injection (CVE-2020-16846)
2021-11-16 00:00:00
cve
cve
CVE-2020-16846
2020-11-06 08:15:13
debiancve
debiancve
CVE-2020-16846
2020-11-06 08:15:13
cvelist
cvelist
CVE-2020-16846
2020-11-06 07:27:24
ubuntucve
ubuntucve
CVE-2020-16846
2020-11-06 00:00:00
nuclei
nuclei
SaltStack <=3002 - Shell Injection
2020-11-18 17:21:07
github
github
SaltStack Salt Command Injection in netapi ssh client
2022-05-24 17:33:18
nessus
nessus
SaltStack Unauthenticated RCE (direct check)
2021-02-15 00:00:00
openSUSE Security Update : salt (openSUSE-2020-1833)
2020-11-06 00:00:00
SUSE SLES15 Security Update : Salt (SUSE-SU-2020:3244-1)
2020-12-09 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Saltstack Salt
2021-10-14 10:09:48
cisa_kev
cisa_kev
SaltStack Salt Shell Injection Vulnerability
2021-11-03 00:00:00
alpinelinux
alpinelinux
CVE-2020-16846
2020-11-06 08:15:13
metasploit
metasploit
SaltStack Salt REST API Arbitrary Command Execution
2020-11-11 19:09:26
packetstorm
packetstorm
SaltStack Salt REST API Arbitrary Command Execution
2020-11-12 00:00:00
zdt
zdt
SaltStack Salt REST API Arbitrary Command Execution Exploit
2020-11-12 00:00:00
suse
suse
Security update for salt (critical)
2020-11-07 00:00:00
Security update for salt (critical)
2020-11-05 00:00:00
rapid7blog
rapid7blog
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
2020-11-10 14:22:33
Metasploit Wrap-Up
2020-11-13 19:08:01
gentoo
gentoo
Salt: Multiple vulnerabilities
2020-11-11 00:00:00
openvas
openvas
openSUSE: Security Advisory for salt (openSUSE-SU-2020:1833-1)
2020-11-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3243-1)
2021-06-09 00:00:00
Debian: Security Advisory (DSA-4837-1)
2021-01-25 00:00:00
attackerkb
attackerkb
CVE-2020-16846 — SaltStack Unauthenticated Shell Injection
2020-11-06 00:00:00
debian
debian
[SECURITY] [DSA 4837-1] salt security update
2021-01-24 15:29:40
[SECURITY] [DLA 2480-1] salt security update
2020-12-04 17:33:51
[SECURITY] [DSA 4837-1] salt security update
2021-01-24 15:29:40
freebsd
freebsd
salt -- multiple vulnerabilities
2020-11-06 00:00:00
archlinux
archlinux
[ASA-202011-7] salt: multiple issues
2020-11-10 00:00:00