CVE-2020-16846
Scores
EPSS Score
0.9439
CVSS
3.x 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
All CVSS Scores
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector (CVSS 2.0): AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
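В SaltStack Salt до версии 3002 включительно обнаружена уязвимость. Отправка специально сформированных веб-запросов к Salt API при включённом SSH-клиенте может привести к внедрению команд оболочки (shell injection). Согласно приведённым выше векторам CVSS (AV:N, PR:N / Au:N, UI:N), атака выполняется по сети, без аутентификации и без участия пользователя.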
Sources
CWEs
Related Vulnerabilities
Exploits
Exploit ID: CVE-2020-16846
Source: github-poc
URL: https://github.com/zomy22/CVE-2020-16846-Saltstack-Salt-API
Vulnerable Software
Type: Configuration
Product: salt
Operating System: ubuntu bionic 18.04
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu groovy 20.10
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu hirsute 21.04
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu impish 21.10
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu jammy 22.04
{
"unaffected": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu kinetic 22.10
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu trusty 14.04
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: ubuntu xenial 16.04
{
"unfixed": true
}
Source: ubuntu
Type: Configuration
Product: salt
Operating System: debian
{
"fixed": "3002.1+dfsg1-1"
}
Source: debian
Type: Configuration
Vendor: debian
Product: debian_linux
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: fedoraproject
Product: fedora
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: saltstack
Product: salt
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2015.8.10",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2015.8.13",
"versionStartIncluding": "2015.8.11",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.3.4",
"versionStartIncluding": "2016.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.3.6",
"versionStartIncluding": "2016.3.5",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.3.8",
"versionStartIncluding": "2016.3.7",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.11.3",
"versionStartIncluding": "2016.11.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.11.6",
"versionStartIncluding": "2016.11.4",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.11.10",
"versionStartIncluding": "2016.11.7",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2017.7.4",
"versionStartIncluding": "2017.5.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2017.7.8",
"versionStartIncluding": "2017.7.5",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2018.3.5",
"versionStartIncluding": "2018.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.2.5",
"versionStartIncluding": "2019.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3000.3",
"versionStartIncluding": "3000.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:3001:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd