Home

CVE-2020-16846

Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.387

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-16846 are affected in Salt 3001Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.11.2Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.11.5Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.3.7Windows
Multiple Vulnerabilities are affected in VMware SALT 2015.8.12Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.3.3Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.3.5Windows
Multiple Vulnerabilities are affected in VMware SALT 2017.7.7Windows
Multiple Vulnerabilities are affected in VMware SALT 2015.8.9Windows
Multiple Vulnerabilities are affected in VMware SALT 2016.11.9Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are affected in VMware SALT 2017.7.3Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are affected in VMware SALT 2018.3.4Windows
Multiple Vulnerabilities are affected in VMware SALT 2019.2.4Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are affected in VMware SALT 3000.2Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are affected in VMware SALT 3001Windows
Multiple vulnerabilities are fixed in Python-salt 2016.3.8Windows
Multiple vulnerabilities are fixed in Python-salt 2015.8.13Windows
Multiple vulnerabilities are fixed in Python-salt 2016.11.10Windows
Multiple vulnerabilities are fixed in Python-salt 2017.7.8Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are fixed in Python-salt 2018.3.5Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt 2019.2.6Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt 3000.4Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt 3001.2Windows
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are fixed in Python-salt 3002.1Windows
Multiple vulnerabilities are fixed in Python-salt for linux 2016.3.8Linux
Multiple vulnerabilities are fixed in Python-salt for linux 2015.8.13Linux
Multiple vulnerabilities are fixed in Python-salt for linux 2016.11.10Linux
Multiple vulnerabilities are fixed in Python-salt for linux 2017.7.8Linux
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are fixed in Python-salt for linux 2018.3.5Linux
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt for linux 2019.2.6Linux
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt for linux 3000.4Linux
Vulnerabilities CVE-2020-16846,CVE-2020-17490 are fixed in Python-salt for linux 3001.2Linux
Vulnerabilities CVE-2020-16846,CVE-2020-17490,CVE-2020-25592 are fixed in Python-salt for linux 3002.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234