---

CVE-2020-17490 - log back

CVE-2020-17490 edited at 10 Nov 2020 21:02:34

Description

- An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the tls execution module, it would not ensure the key was created with the correct permissions. + An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the tls execution module, it will not ensure the key was created with the correct permissions.

CVE-2020-17490 edited at 03 Nov 2020 21:04:25
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the tls execution module, it would not ensure the key was created with the correct permissions.
References	+ https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ + https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/02/2019.2.x.patch
Notes

CVE-2020-17490 created at 03 Nov 2020 20:59:36