CVE-2020-25592 - log back

CVE-2020-25592 edited at 10 Nov 2020 21:03:01
Description
- An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in an Salt-SSH roster.
+ An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in a Salt-SSH roster.
CVE-2020-25592 edited at 03 Nov 2020 21:02:47
References
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
+ https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2019.2.6.patch
CVE-2020-25592 edited at 03 Nov 2020 21:02:37
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in an Salt-SSH roster.
References
+ https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Notes
CVE-2020-25592 created at 03 Nov 2020 20:59:36