Shell injection vulnerability in SaltStack Salt- CVE-2020-16846| ID: oval:org.secpod.oval:def:67394 | Date: (C)2020-11-24 (M)2022-09-01 |
| Class: VULNERABILITY | Family: windows |
The host is installed with SaltStack Salt before 2019.2.6, 3000.x before 3000.4, 3001.x before 3001.2 or 3002.0 and is prone to a shell injection vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the SSH client. Successful exploitation allows an unauthenticated user with network access to the Salt API to run code on the Salt-API.
| Platform: |
| Microsoft Windows 7 |
| Microsoft Windows 8.1 |
| Microsoft Windows 10 |
| Microsoft Windows Server 2008 |
| Microsoft Windows Server 2008 R2 |
| Microsoft Windows Server 2012 |
| Microsoft Windows Server 2012 R2 |
| Microsoft Windows Server 2016 |
| Microsoft Windows Server 2019 |
| Product: |
| SaltStack Salt |
| SaltStack Salt 3000.x |
| SaltStack Salt 3001.x |
| SaltStack Salt 3002.x |
