An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-30T17:00:03
Updated: 2024-08-04T11:35:13.485Z
Reserved: 2020-04-08T00:00:00
Link: CVE-2020-11652
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-30T17:15:12.190
Modified: 2022-05-03T14:21:49.183
Link: CVE-2020-11652
Redhat