An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-30T16:58:09
Updated: 2024-08-04T11:35:13.426Z
Reserved: 2020-04-08T00:00:00
Link: CVE-2020-11651
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-30T17:15:12.143
Modified: 2022-07-12T17:42:04.277
Link: CVE-2020-11651
Redhat