CVE-2020-28243 - log

CVE-2020-28243 edited at 01 Mar 2021 20:36:30
Description
- An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
+ An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.
CVE-2020-28243 edited at 27 Feb 2021 09:12:40
Description
- A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. A privilege escalation is possible on a SaltStack minion when an unprivileged user is able to create files in any non-blacklisted directory via a command injection in a process name.
+ An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
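Review bot: the replacement description on the "+" line names only 3002.5 as the fixed version, while the removed text also listed 3001.6 and 3000.8, so readers tracking the 3001 and 3000 branches lose their fixed-version information; consider keeping all three versions in the description. The same line also introduces the typo "create a files", which should read "create files".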
CVE-2020-28243 edited at 26 Feb 2021 13:21:48
Description
- A privilege escalation is possible on a SaltStack minion when an unprivileged user is able to create files in any non-blacklisted directory via a command injection in a process name.
+ A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. A privilege escalation is possible on a SaltStack minion when an unprivileged user is able to create files in any non-blacklisted directory via a command injection in a process name.
References
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
- https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2021/02/05/2019.2.8.patch
CVE-2020-28243 edited at 26 Feb 2021 13:12:47
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A privilege escalation is possible on a SaltStack minion when an unprivileged user is able to create files in any non-blacklisted directory via a command injection in a process name.
References
+ https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2021/02/05/2019.2.8.patch
Notes
CVE-2020-28243 created at 26 Feb 2021 13:09:24