CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11651

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score55.5730%
EPSS Percentile91.81th
PublishedApr 30, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Affected Platforms (CPE)

πŸ“¦
Saltstack

Salt

< 2019.2.4
πŸ“¦
Saltstack

Salt

>= 3000 and < 3000.2
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ“¦
Vmware

Application Remote Collector

= 7.5.0
πŸ“¦
Vmware

Application Remote Collector

= 8.0.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
πŸ”— http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
πŸ”— http://www.vmware.com/security/advisories/VMSA-2020-0009.html
πŸ”— https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
πŸ”— https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
πŸ”— https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html

Related Vulnerabilities

CVE-2011-326810.0

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a l...

CVE-2013-443710.0

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage...

CVE-2001-135610.0

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allow...

CVE-2013-661710.0

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for r...