CVE-2020-16846
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Affected Platforms (CPE)
📦
Saltstack
Salt
< 2015.8.10📦
Saltstack
Salt
>= 2015.8.11 and < 2015.8.13📦
Saltstack
Salt
>= 2016.3.0 and < 2016.3.4📦
Saltstack
Salt
>= 2016.3.5 and < 2016.3.6📦
Saltstack
Salt
>= 2016.3.7 and < 2016.3.8📦
Saltstack
Salt
>= 2016.11.0 and < 2016.11.3📦
Saltstack
Salt
>= 2016.11.4 and < 2016.11.6📦
Saltstack
Salt
>= 2016.11.7 and < 2016.11.10📦
Saltstack
Salt
>= 2017.5.0 and < 2017.7.4📦
Saltstack
Salt
>= 2017.7.5 and < 2017.7.8📦
Saltstack
Salt
>= 2018.2.0 and < 2018.3.5📦
Saltstack
Salt
>= 2019.2.0 and < 2019.2.5📦
Saltstack
Salt
>= 3000.0 and < 3000.3📦
Saltstack
Salt
= 3001📦
Saltstack
Salt
= 3002💻
Debian
Debian Linux
= 9.0💻
Debian
Debian Linux
= 10.0💻
Fedoraproject
Fedora
= 31💻
Opensuse