CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Severity	MEDIUM
CVSS	6.5
CWE	CWE-22
KEV	KEV (added 4 years ago)
Published	6 years ago
Modified	6 months ago

Related Products

Product	Advisory	Evidence
Cisco Virtual Internet Routing Lab	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco TelePresence IX5000	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco TelePresence	cisco-sa-salt-2vx545AG	Cisco OpenVuln
Cisco Modeling Labs	cisco-sa-salt-2vx545AG	Cisco OpenVuln