An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
22 Feb 2022, 10:09
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html - Mailing List, Third Party Advisory |
03 Jan 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
References |
|
30 Mar 2021, 13:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1380/ - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html - Third Party Advisory, VDB Entry | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4837 - Third Party Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1381/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1383/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1379/ - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1382/ - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-06 08:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-16846
Mitre link : CVE-2020-16846
CVE.ORG link : CVE-2020-16846
JSON object : View
Products Affected
debian
- debian_linux
saltstack
- salt
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')