---

CVE-2020-16846 - log back

CVE-2020-16846 edited at 10 Nov 2020 21:02:13

Description

- An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. + An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt API using the SSH client.

CVE-2020-16846 edited at 03 Nov 2020 21:05:31
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary command execution
Description	+ An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client.
References	+ https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ + https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/02/2019.2.x.patch
Notes

CVE-2020-16846 created at 03 Nov 2020 20:59:36