CVE-2020-28243 log

Source
Severity High
Remote No
Type Privilege escalation
Description
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.
Group Package Affected Fixed Severity Status Ticket
AVG-1624 salt 2019.2.7-1 3002.5-3 High Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-33 AVG-1624 salt High multiple issues
References
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/