Download
| Alert*
|
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. CVE-2020-25592 In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. CVE-2020-16846 An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. |
