Source: salt
Version: 2018.3.4+dfsg1-6
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 2018.3.4+dfsg1-6
Control: found -1 2016.11.2+ds-1+deb9u2
Control: found -1 2014.1.13+ds-3
Control: notfound -1 3000.2+dfsg1-1

Dear Maintainer,

These CVEs were assigned last Wednesday but I'm filing this as it seems they're not tracked in the BTS yet.

CVE-2020-11651
--------------

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or _run arbitrary commands on salt minions_. [emphasis mine]

CVE-2020-11652
--------------

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

As seen for instance at https://github.com/saltstack/salt/issues/57057 the vulnerabilities are being exploited in the wild already; compromised salt masters do allow attackers to run arbitrary commands on the minions as root.

See also https://labs.f-secure.com/advisories/saltstack-authorization-bypass .

Cheers,
--
Guilhem.
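
Added example, not part of the original report and not Salt's code: a simplified Python model of the two weaknesses the CVE texts describe, namely a request handler whose methods are looked up by a caller-supplied name without validation, and a file method that must confine paths to a base directory. The class `Handler`, its methods, and both dispatch functions are hypothetical names chosen for illustration.

```python
import os


class Handler:
    """Toy request handler (hypothetical); stands in for a class whose
    methods are looked up by a name taken from a network request."""

    # Methods intentionally reachable from the wire.
    exposed = frozenset({"ping", "get_file"})

    def __init__(self, base_dir):
        self.base_dir = os.path.realpath(base_dir)
        self.token = "constructed-token"  # constructed sample secret

    def ping(self):
        return "pong"

    def internal_token(self):
        # Helper meant for in-process callers only.
        return self.token

    def get_file(self, rel_path):
        # Resolve symlinks and ".." first, then refuse anything that
        # ends up outside base_dir.
        target = os.path.realpath(os.path.join(self.base_dir, rel_path))
        if os.path.commonpath([self.base_dir, target]) != self.base_dir:
            raise PermissionError("path escapes base directory")
        with open(target) as fh:
            return fh.read()


def dispatch_unvalidated(handler, request):
    # Weak form: any attribute named in the request becomes callable,
    # including helpers never meant to be exposed.
    return getattr(handler, request["cmd"])(*request.get("args", ()))


def dispatch_validated(handler, request):
    # Hardened form: the name must be on the explicit allowlist.
    cmd = request.get("cmd")
    if cmd not in handler.exposed:
        raise PermissionError("method not exposed: %r" % (cmd,))
    return getattr(handler, cmd)(*request.get("args", ()))
```

The allowlist makes exposure an explicit decision per method, so adding a new helper to the class does not silently widen what a remote peer can call.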