Home/CVEs/CVE-2020-11652/

CVE-2020-11652 - SaltStack Salt Path Traversal Vulnerability

Project:SaltStack

Product:Salt

Date Added:2021-11-03Due Date:2022-05-03

Vulnerability Name

SaltStack Salt Path Traversal Vulnerability

Description

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-11652