AVG-1262

Package salt
Status Fixed
Severity Critical
Type multiple issues
Affected 2019.2.4-1
Fixed 2019.2.7-1
Current Removed
Ticket None
Created Tue Nov 3 20:59:36 2020
Issue | Severity | Remote | Type | Description
CVE-2020-25592 | Critical | Yes | Arbitrary command execution | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands...
CVE-2020-17490 | Low | Yes | Access restriction bypass | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the...
CVE-2020-16846 | High | Yes | Arbitrary command execution | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections...
Date | Advisory | Package | Type
10 Nov 2020 | ASA-202011-7 | salt | multiple issues
References
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/