An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Published 2020-04-30 17:15:12
Updated 2022-07-12 17:42:04
Source MITRE

Products affected by CVE-2020-11651

CVE-2020-11651 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
SaltStack Salt Authentication Bypass Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-11651
Added on: 2021-11-03
Action due date: 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-11651

EPSS score: 97.48% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2020-11651

  • SaltStack Salt Master Server Root Key Disclosure
    Disclosure Date: 2020-04-30
    First seen: 2020-05-14
    auxiliary/gather/saltstack_salt_root_key
    This module exploits unauthenticated access to the _prep_auth_info() method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands t
  • SaltStack Salt Master/Minion Unauthenticated RCE
    Disclosure Date: 2020-04-30
    First seen: 2020-05-14
    exploit/linux/misc/saltstack_salt_unauth_rce
    This module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minio

CVSS scores for CVE-2020-11651

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
