CVE-2020-11651

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

References

https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

https://www.debian.org/security/2020/dsa-4676

http://www.vmware.com/security/advisories/VMSA-2020-0009.html

http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

https://usn.ubuntu.com/4459-1/

Details

Source: MITRE

Published: 2020-04-30

Updated: 2021-07-21

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
151732openSUSE 15 Security Update : salt (openSUSE-SU-2021:2106-1)NessusSuSE Local Security Checks
critical
151062openSUSE 15 Security Update : salt (openSUSE-SU-2021:0899-1)NessusSuSE Local Security Checks
critical
139659Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-4459-1)NessusUbuntu Local Security Checks
critical
139012openSUSE Security Update : salt (openSUSE-2020-1074)NessusSuSE Local Security Checks
critical
138795SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1974-1)NessusSuSE Local Security Checks
critical
138794SUSE SLES15 Security Update : Salt (SUSE-SU-2020:1973-1)NessusSuSE Local Security Checks
critical
136979Debian DLA-2223-1 : salt security updateNessusDebian Local Security Checks
critical
136699Photon OS 3.0: Salt3 PHSA-2020-3.0-0091NessusPhotonOS Local Security Checks
critical
136695Photon OS 1.0: Salt3 PHSA-2020-1.0-0294NessusPhotonOS Local Security Checks
critical
136694Photon OS 1.0: Salt PHSA-2020-1.0-0294NessusPhotonOS Local Security Checks
critical
136687FreeBSD : salt -- multiple vulnerabilities in salt-master process (6bf55af9-973b-11ea-9f2c-38d547003487)NessusFreeBSD Local Security Checks
critical
136423SaltStack < 2019.2.4 / 3000.x < 3000.2 Authentication Bypass (CVE-2020-11651)NessusMisc.
critical
136402SaltStack < 2019.2.4 / 3000.x < 3000.2 Multiple VulnerabilitiesNessusMisc.
critical
136372Debian DSA-4676-1 : salt - security updateNessusDebian Local Security Checks
critical
136306openSUSE Security Update : salt (openSUSE-2020-564)NessusSuSE Local Security Checks
critical
136170SUSE SLES15 Security Update : salt (SUSE-SU-2020:1151-1)NessusSuSE Local Security Checks
critical
136169SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1150-1)NessusSuSE Local Security Checks
critical