CVE-2020-11651 - SaltStack Salt Authentication Bypass Vulnerability
Project: SaltStack
Product: Salt
Date Added: 2021-11-03
Due Date: 2022-05-03
Vulnerability Name
SaltStack Salt Authentication Bypass Vulnerability
Description
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-11651