CVE-2020-11651

KEV
Published: Apr 30, 2020 Last Modified: Nov 07, 2025
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9442
Percentile
1,0th
Updated

EPSS Score Trend (Last 91 Days)

Exploit

Saltstack 3000.1 - Remote Code Execution

Saltstack 3000.1 - Remote Code Execution

Author: Jasper Lievisse Adriaanse Published:
View Exploit Code →
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Application Remote Collector by Vmware

Product Information
Vendor Vmware
Product Application Remote Collector
Version 8.0.0
cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Salt by Saltstack

Product Information
Vendor Saltstack
Product Salt
Version Range Affected
To 2019.2.4 (exclusive)
cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Application Remote Collector by Vmware

Product Information
Vendor Vmware
Product Application Remote Collector
Version 7.5.0
cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Leap by Opensuse

Product Information
Vendor Opensuse
Product Leap
Version 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Salt by Saltstack

Product Information
Vendor Saltstack
Product Salt
Version Range Affected
From 3000 (inclusive)
To 3000.2 (exclusive)
cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020…
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
http://packetstormsecurity.com/files/157560/Saltstack-3000.…
http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execut…
http://packetstormsecurity.com/files/157678/SaltStack-Salt-…
http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauth…
https://docs.saltstack.com/en/latest/topics/releases/2019.2…
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/top…
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.…
https://lists.debian.org/debian-lts-announce/2020/05/msg000…
https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
https://tools.cisco.com/security/center/content/CiscoSecuri…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
https://usn.ubuntu.com/4459-1/
https://usn.ubuntu.com/4459-1/
https://www.debian.org/security/2020/dsa-4676
https://www.debian.org/security/2020/dsa-4676
http://www.vmware.com/security/advisories/VMSA-2020-0009.ht…
http://www.vmware.com/security/advisories/VMSA-2020-0009.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
http://packetstormsecurity.com/files/157560/Saltstack-3000.…
http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execut…
http://packetstormsecurity.com/files/157678/SaltStack-Salt-…
http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauth…
https://docs.saltstack.com/en/latest/topics/releases/2019.2…
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/top…
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.…
https://lists.debian.org/debian-lts-announce/2020/05/msg000…
https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
https://tools.cisco.com/security/center/content/CiscoSecuri…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
https://usn.ubuntu.com/4459-1/
https://usn.ubuntu.com/4459-1/
https://www.debian.org/security/2020/dsa-4676
https://www.debian.org/security/2020/dsa-4676
http://www.vmware.com/security/advisories/VMSA-2020-0009.ht…
http://www.vmware.com/security/advisories/VMSA-2020-0009.html