CVE-2020-11652 - SaltStack Salt Path Traversal Vulnerability
Project:SaltStack
Product:Salt
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
SaltStack Salt Path Traversal Vulnerability
Description
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-11652