CVE-2020-25592

Related Files

Debian Security Advisory 4837-1

Posted Jan 28, 2021

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4837-1 - Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH client.

tags | advisory, remote, shell, vulnerability

systems | linux, debian

advisories | CVE-2020-16846, CVE-2020-17490, CVE-2020-25592

SHA-256 | 1265eaac9da5321225abc341caa107482a2babd057291d3ade1956f641263f64

Download | Favorite | View

SaltStack Salt REST API Arbitrary Command Execution

Posted Nov 12, 2020

Authored by wvu, KPC | Site metasploit.com

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 2019.2.6, 3000.3, 3000.4, 3001.1, 3001.2, and 3002. Tested against 2019.2.3 from Vulhub and 3002 on Ubuntu 20.04.1.

tags | exploit, root

systems | linux, ubuntu

advisories | CVE-2020-16846, CVE-2020-25592

SHA-256 | ca8c40dd201acff6b22d33b259cc0159df534ae31cbc0fe534182b0a7bdb5fdd

Download | Favorite | View

Gentoo Linux Security Advisory 202011-13

Posted Nov 11, 2020

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202011-13 - Multiple vulnerabilities have been found in Salt, the worst of which could result in the arbitrary execution of code. Versions less than 3000.5 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2020-16846, CVE-2020-17490, CVE-2020-25592

SHA-256 | abb5e03a5ec887de7abc41bf6db230426d3a812179a8d18df5eca701d9593ba9

Download | Favorite | View