CVE-2020-11652

Summary

CVE	CVE-2020-11652
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-04-30 17:15:00 UTC
Updated	2022-05-03 14:21:00 UTC
Description	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Risk And Classification

EPSS: 0.942650000 probability, percentile 0.999350000 (date 2026-04-01)

CISA KEV: Listed on 2021-11-03; due 2022-05-03; ransomware use Unknown

Problem Types: CWE-22

CISA Known Exploited Vulnerability

Vendor	SaltStack
Product	Salt
Name	SaltStack Salt Path Traversal Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2020-11652

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Blackberry	Workspaces Server	9.1.0	All	All	All
Application	Blackberry	Workspaces Server	All	All	All	All
Application	Blackberry	Workspaces Server	All	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Application	Saltstack	Salt	All	All	All	All
Application	Saltstack	Salt	All	All	All	All
Application	Vmware	Application Remote Collector	7.5.0	All	All	All
Application	Vmware	Application Remote Collector	8.0.0	All	All	All

References

Reference	Source	Link	Tags
[security-announce] openSUSE-SU-2020:0564-1: critical: Security update f	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Saltstack 3000.1 Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com	Third Party Advisory
VMSA-2020-0009.1	CONFIRM	www.vmware.com
[SECURITY] [DLA 2223-1] salt security update	MLIST	lists.debian.org
USN-4459-1: Salt vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
Salt 2019.2.4 Release Notes	MISC	docs.saltstack.com	Vendor Advisory
BSRT-2020-002 Input Validation Vulnerability in Server Configuration Management Impacts BlackBerry Workspaces Server (deployed with Appliance-X)	MISC	support.blackberry.com
[security-announce] openSUSE-SU-2020:1074-1: moderate: Security update f	SUSE	lists.opensuse.org
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
salt/3000.2.rst at v3000.2_docs · saltstack/salt · GitHub	MISC	github.com	Third Party Advisory
SaltStack FrameWork Vulnerabilities Affecting Cisco Products	CISCO	tools.cisco.com
Debian -- Security Information -- DSA-4676-1 salt	DEBIAN	www.debian.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

374575 VMware vRealize Operations Application Remote Collector (ARC) Multiple Vulnerabilities (VMSA-2020-0009)
501244 Alpine Linux Security Update for salt
505396 Alpine Linux Security Update for salt
750688 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2021:2105-1)
750705 OpenSUSE Security Update for salt (openSUSE-SU-2021:0899-1)
750760 OpenSUSE Security Update for salt (openSUSE-SU-2021:2106-1)