{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-24T23:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"}, {"name": "FEDORA-2020-9e040bd6dd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"}, {"name": "openSUSE-SU-2020:1868", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"}, {"name": "GLSA-202011-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202011-13"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"}, {"name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"}, {"name": "DSA-4837", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4837"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.saltstack.com/en/latest/topics/releases/index.html", "refsource": "MISC", "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html"}, {"name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/", "refsource": "CONFIRM", "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"}, {"name": "FEDORA-2020-9e040bd6dd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"}, {"name": "openSUSE-SU-2020:1868", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"}, {"name": "GLSA-202011-13", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-13"}, {"name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"}, {"name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"}, {"name": "DSA-4837", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4837"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:05.711Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"}, {"name": "FEDORA-2020-9e040bd6dd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"}, {"name": "openSUSE-SU-2020:1868", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"}, {"name": "GLSA-202011-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202011-13"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"}, {"name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"}, {"name": "DSA-4837", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4837"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25592", "datePublished": "2020-11-06T07:31:53", "dateReserved": "2020-09-15T00:00:00", "dateUpdated": "2024-08-04T15:33:05.711Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F9405E3-F2B0-41BA-A39D-61BB38475A59", "versionEndExcluding": "2015.8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A35C23D3-82D4-46E7-BF08-9229C04C0C3D", "versionEndExcluding": "2015.8.13", "versionStartIncluding": "2015.8.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4741BD5-4C40-48BC-A2C1-E6AB33818201", "versionEndExcluding": "2016.3.4", "versionStartIncluding": "2016.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D28A2B5-316A-45DC-AC85-A0F743C4B3C4", "versionEndExcluding": "2016.3.6", "versionStartIncluding": "2016.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "17C96153-85C1-45DC-A48B-46A3900246E2", "versionEndExcluding": "2016.3.8", "versionStartIncluding": "2016.3.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0A54497-D7E2-4A2C-9719-4D992B296498", "versionEndExcluding": "2016.11.3", "versionStartIncluding": "2016.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "920C57AF-6E88-465A-83FA-AB947D4C6F0B", "versionEndExcluding": "2016.11.6", "versionStartIncluding": "2016.11.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "11D84847-0C8A-473A-9186-46FABD7BB59A", "versionEndExcluding": "2016.11.10", "versionStartIncluding": "2016.11.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C45ACC11-CA9B-4451-B6DD-BD784349CDE8", "versionEndExcluding": "2017.7.4", "versionStartIncluding": "2017.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD998745-FA62-4894-A4FC-767F0DE131B9", "versionEndExcluding": "2017.7.8", "versionStartIncluding": "2017.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9747884A-8B29-42C9-BF5E-5B6D883A78E3", "versionEndExcluding": "2018.3.5", "versionStartIncluding": "2018.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A2912C-7F48-465D-B7F2-93ECD0D0CB74", "versionEndExcluding": "2019.2.5", "versionStartIncluding": "2019.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "D64191C4-C3D3-4615-B7D5-26ADA8BD7C7B", "versionEndExcluding": "3000.3", "versionStartIncluding": "3000.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*", "matchCriteriaId": "74CAD70E-E77C-4010-B224-CEE3968CB6A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH."}, {"lang": "es", "value": "En SaltStack Salt versiones hasta 3002, salt-netapi comprueba inapropiadamente credenciales y tokens de eauth. Un usuario puede omitir la autenticaci\u00f3n e invocar Salt SSH"}], "id": "CVE-2020-25592", "lastModified": "2023-11-07T03:20:16.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-06T08:15:13.503", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202011-13"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4837"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "salt: salt-netapi improperly validates eauth credentials and tokens", "id": "1895454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895454"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-287", "details": ["In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.", "A flaw was found in salt. Invalid eauth credentials and tokens are not handled correctly when calling Salt SSH via the salt-api which could allow an attacker to bypass authentication and gain access to restricted information or to possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2020-25592", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Will not fix", "package_name": "salt", "product_name": "Red Hat Ceph Storage 2"}], "public_date": "2020-11-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25592\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25592\nhttps://docs.saltstack.com/en/latest/topics/releases/2019.2.7.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3000.5.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3001.3.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3002.1.html\nhttps://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"], "statement": "Red Hat Ceph Storage 2 shipped salt for the usage of Red Hat Storage Console 2 (RHSCON-2), which required salt to administrate ceph nodes. RHSCON-2 has reached End Of Life, hence salt is no longer used and supported. Therefore, the salt package provided by Red Hat Ceph Storage 2 has been marked as 'will not fix'.", "threat_severity": "Important", "upstream_fix": "salt 3002.1, salt 3001.3, salt 3000.5, salt 2019.2.7"}