AVG-1262 log
| Package | salt |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 2019.2.4-1 |
| Fixed | 2019.2.7-1 |
| Current |
3007.0-2 [extra-testing] 3007.0-1 [extra] |
| Ticket | None |
| Created | Tue Nov 3 20:59:36 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-25592 | Critical | Yes | Arbitrary command execution | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands... |
| CVE-2020-17490 | Low | Yes | Access restriction bypass | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the... |
| CVE-2020-16846 | High | Yes | Arbitrary command execution | An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 10 Nov 2020 | ASA-202011-7 | salt | multiple issues |
| References |
|---|
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ |