CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Severity	CRITICAL
CVSS	9.8
CWE	NVD-CWE-Other
KEV	KEV (added 4 years ago)
Published	6 years ago
Modified	6 months ago

Related Products

Product	Advisory	Evidence
Cisco Virtual Internet Routing Lab	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco TelePresence IX5000	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco TelePresence	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco Modeling Labs	cisco-sa-salt-2vx545AG	Cisco OpenVuln