{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-19T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"}, {"name": "openSUSE-SU-2020:0564", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"}, {"name": "DSA-4676", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4676"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"}, {"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"}, {"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"}, {"tags": ["x_refsource_MISC"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"}, {"name": "openSUSE-SU-2020:1074", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"}, {"name": "USN-4459-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4459-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html", "refsource": "MISC", "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"}, {"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst", "refsource": "MISC", "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"}, {"name": "openSUSE-SU-2020:0564", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"}, {"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"}, {"name": "DSA-4676", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4676"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"}, {"name": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"}, {"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"}, {"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"}, {"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758", "refsource": "MISC", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"}, {"name": "openSUSE-SU-2020:1074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"}, {"name": "USN-4459-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4459-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:35:13.485Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"}, {"name": "openSUSE-SU-2020:0564", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"}, {"name": "DSA-4676", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4676"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"}, {"name": "20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"}, {"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"}, {"name": "openSUSE-SU-2020:1074", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"}, {"name": "USN-4459-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4459-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11652", "datePublished": "2020-04-30T17:00:03", "dateReserved": "2020-04-08T00:00:00", "dateUpdated": "2024-08-04T11:35:13.485Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "SaltStack Salt Path Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5861CF02-E8F5-494E-8F51-5AB233260828", "versionEndExcluding": "2019.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E84C993E-1C6B-4984-9552-4A76A1FE3EF2", "versionEndExcluding": "3000.2", "versionStartIncluding": "3000", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5B41060-E2BF-4C6B-9058-1A4C29D4B922", "versionEndIncluding": "7.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E2E34D6-A5DA-497C-8019-4B41BFD0E726", "versionEndIncluding": "8.2.6", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:workspaces_server:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F418742F-5FCB-49ED-AD0D-DFDFF6AFA01D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "96DB76F8-036A-4401-B926-9B5156E032C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C3F42E7-CB56-4287-B09F-C5528B97EB7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SaltStack Salt versiones anteriores a la versi\u00f3n 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos m\u00e9todos que sanean inapropiadamente las rutas. Estos m\u00e9todos permiten acceso a directorios arbitrarios a usuarios autenticados."}], "id": "CVE-2020-11652", "lastModified": "2022-05-03T14:21:49.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-30T17:15:12.190", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000063758"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2020-0009.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4459-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4676"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "salt: salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths", "id": "1832420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832420"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.", "A flaw was found in salt. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-11652", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Will not fix", "package_name": "salt", "product_name": "Red Hat Ceph Storage 2"}], "public_date": "2020-04-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11652\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11652\nhttps://docs.saltstack.com/en/latest/topics/releases/3000.2.html\nhttps://labs.f-secure.com/advisories/saltstack-authorization-bypass\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Red Hat Ceph Storage 2 shipped salt for the usage of Red Hat Storage Console 2(RHSCON-2), which required salt to administrate ceph nodes. RHSCON-2 has reached End Of Life, hence salt is no longer used and supported. Therefore, the salt package provided by Red Hat Ceph Storage 2 has been marked as 'will not fix'.", "threat_severity": "Moderate", "upstream_fix": "salt 3000.2, salt 2019.2.4"}