gsd-2020-16846
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-16846",
"description": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
"id": "GSD-2020-16846",
"references": [
"https://www.suse.com/security/cve/CVE-2020-16846.html",
"https://www.debian.org/security/2021/dsa-4837",
"https://security.archlinux.org/CVE-2020-16846",
"https://packetstormsecurity.com/files/cve/CVE-2020-16846"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-16846"
],
"details": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
"id": "GSD-2020-16846",
"modified": "2023-12-13T01:21:45.997194Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2020-16846",
"dateAdded": "2021-11-03",
"dueDate": "2022-05-03",
"product": "Salt",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
"vendorProject": "SaltStack",
"vulnerabilityName": "SaltStack Through 3002 Shell Injection Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/releases",
"refsource": "MISC",
"url": "https://github.com/saltstack/salt/releases"
},
{
"name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
"refsource": "CONFIRM",
"url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
},
{
"name": "FEDORA-2020-9e040bd6dd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
},
{
"name": "openSUSE-SU-2020:1868",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
},
{
"name": "GLSA-202011-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-13"
},
{
"name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
},
{
"name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
},
{
"name": "DSA-4837",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4837"
},
{
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2015.8.13||\u003e=2016.3.0,\u003c2016.3.8||\u003e=2016.11.0,\u003c2016.11.10|| \u003e=2017.5.0,\u003c2017.7.8||\u003e=2018.2.0,\u003c2018.3.5||\u003e=2019.2.0,\u003c2019.2.5|| \u003e=3000.0,\u003c3000.3||==3001",
"affected_versions": "All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.3.8, all versions starting from 2016.11.0 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 before 2018.3.5, all versions starting from 2019.2.0 before 2019.2.5, all versions starting from 3000.0 before 3000.3, version 3001",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2021-07-21",
"description": "An issue was discovered in SaltStack Salt Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
"fixed_versions": [
"2015.8.13",
"2016.3.8",
"2016.11.10",
"2017.7.8",
"2018.3.5",
"2019.2.5",
"3000.3",
"3001.1"
],
"identifier": "CVE-2020-16846",
"identifiers": [
"CVE-2020-16846"
],
"not_impacted": "All versions starting from 2015.8.13 before 2016.3.0, all versions starting from 2016.3.8 before 2016.11.0, all versions starting from 2016.11.10 before 2017.5.0, all versions starting from 2017.7.8 before 2018.2.0, all versions starting from 2018.3.5 before 2019.2.0, all versions starting from 2019.2.5 before 3000.0, all versions starting from 3000.3 before 3001, all versions after 3001",
"package_slug": "pypi/salt",
"pubdate": "2020-11-06",
"solution": "Upgrade to versions 2015.8.13, 2016.3.8, 2016.11.10, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3, 3001.1 or above.",
"title": "OS Command Injection",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-16846",
"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
],
"uuid": "da3b8aa1-41d7-47fc-a089-5655d7bbee95"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2015.8.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2015.8.13",
"versionStartIncluding": "2015.8.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.3.4",
"versionStartIncluding": "2016.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.3.6",
"versionStartIncluding": "2016.3.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.3.8",
"versionStartIncluding": "2016.3.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.11.3",
"versionStartIncluding": "2016.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.11.6",
"versionStartIncluding": "2016.11.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.11.10",
"versionStartIncluding": "2016.11.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017.7.4",
"versionStartIncluding": "2017.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017.7.8",
"versionStartIncluding": "2017.7.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2018.3.5",
"versionStartIncluding": "2018.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.2.5",
"versionStartIncluding": "2019.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3000.3",
"versionStartIncluding": "3000.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16846"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/releases",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/saltstack/salt/releases"
},
{
"name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
},
{
"name": "FEDORA-2020-9e040bd6dd",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/"
},
{
"name": "openSUSE-SU-2020:1868",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html"
},
{
"name": "GLSA-202011-13",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-13"
},
{
"name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/"
},
{
"name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2480-1] salt security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html"
},
{
"name": "DSA-4837",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4837"
},
{
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-02-22T10:09Z",
"publishedDate": "2020-11-06T08:15Z"
}
}
}
Loading...