CVE-2020-16846
In short
SaltStack Salt through 3002 has a shell injection flaw in its REST API (salt-api) when the Salt SSH client is enabled. An unauthenticated attacker who can reach the API can send crafted requests that execute arbitrary commands on the host running salt-api.
Technical detail
CWE-78 (OS command injection) in the Salt API of SaltStack Salt through 3002. When the API is configured with the Salt SSH client enabled, a crafted HTTP request reaches code that builds a shell command line from request-supplied values without sanitising or quoting them, so the values are interpreted by the shell and an unauthenticated remote attacker can inject and execute arbitrary commands with the privileges of the salt-api process. SaltStack shipped fixes in the releases it published on 3 November 2020 (3002.1, with patches for the supported earlier branches); the same advisory covered two further CVEs, and the issue is listed in CISA's Known Exploited Vulnerabilities catalog, so any Internet-reachable salt-api on an unpatched version should be treated as compromised until shown otherwise. Practitioners should also check whether salt-api is exposed at all: it does not need to be reachable from outside the management network.
Summary generated and translated by AI from the official description.
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVSS 3.1 base score 9.8 (Critical): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
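The following is an added example, not SaltStack's code, that models the CWE-78 pattern this CVE describes: a command line for an SSH client assembled from values that arrived in an API request, run through /bin/sh, next to two hardened forms (shell quoting, and passing an argument vector with no shell). The `echo` stand-in for the ssh binary, the field names, and the key-path payload are assumptions chosen so the demo runs offline and harmlessly; they are not the parameters or paths of the real vulnerability.

```python
"""Illustrative model of the CWE-78 pattern behind CVE-2020-16846.

Added example code, not SaltStack's own. `echo` stands in for the ssh
binary (an assumption so the demo runs offline), and the key path below
is a constructed payload, not the real injection point.
"""
import re
import shlex
import subprocess

SSH_BIN = "echo"  # assumption: placeholder for /usr/bin/ssh


def build_cmd_vulnerable(host: str, priv_key: str, remote_cmd: str) -> str:
    """Untrusted values pasted into one string that /bin/sh will re-parse."""
    return "{} -i {} {} {}".format(SSH_BIN, priv_key, host, remote_cmd)


def run_vulnerable(host: str, priv_key: str, remote_cmd: str) -> str:
    """shell=True hands the string to /bin/sh, so a ';' inside priv_key ends
    the ssh command and starts a second command chosen by the caller."""
    cmd = build_cmd_vulnerable(host, priv_key, remote_cmd)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def build_cmd_quoted(host: str, priv_key: str, remote_cmd: str) -> str:
    """Hardening 1: keep the string form but shell-quote every value."""
    return " ".join([SSH_BIN, "-i", shlex.quote(priv_key),
                     shlex.quote(host), shlex.quote(remote_cmd)])


def run_quoted(host: str, priv_key: str, remote_cmd: str) -> str:
    cmd = build_cmd_quoted(host, priv_key, remote_cmd)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def build_cmd_argv(host: str, priv_key: str, remote_cmd: str) -> list:
    """Hardening 2 (preferred): an argument vector, no shell involved, so
    metacharacters in any value are just bytes in one argument."""
    return [SSH_BIN, "-i", priv_key, host, remote_cmd]


def run_argv(host: str, priv_key: str, remote_cmd: str) -> str:
    return subprocess.run(build_cmd_argv(host, priv_key, remote_cmd),
                          capture_output=True, text=True).stdout


_KEY_PATH_RE = re.compile(r"^/[A-Za-z0-9._/-]+$")


def is_acceptable_key_path(path: str) -> bool:
    """Defence in depth: allow-list the one field that should only ever be an
    absolute filesystem path, rejecting shell metacharacters and traversal."""
    return bool(_KEY_PATH_RE.match(path)) and ".." not in path.split("/")


def demo() -> dict:
    """Run the same constructed payload through all three builders."""
    host = "minion1"
    key = "/srv/keys/id_rsa; echo INJECTED"  # constructed payload
    return {
        "vulnerable": run_vulnerable(host, key, "uptime"),
        "quoted": run_quoted(host, key, "uptime"),
        "argv": run_argv(host, key, "uptime"),
        "path_ok": is_acceptable_key_path(key),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(name, repr(out))
```

With the vulnerable builder the stand-in command produces two lines of output, the second being the injected `echo INJECTED`; both hardened forms produce a single line in which the payload is inert text. The argument-vector form is the one to prefer: quoting fixes this one call site, while removing the shell removes the whole class of bug from that path, and the allow-list on the path field catches malformed input before it reaches either.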
Affected products
n/a · n/a

Public PoCs found — 3
github: github.com/hamza-boudouche/projet-secu ★ 0
github: github.com/zomy22/CVE-2020-16846-Saltstack-Salt-API ★ 0
cve_reference: packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
https://github.com/saltstack/salt/releases
https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
https://security.gentoo.org/glsa/202011-13
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846
https://www.debian.org/security/2021/dsa-4837
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
https://www.zerodayinitiative.com/advisories/ZDI-20-1380/