← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-11651 — Actively Exploited: Salt (SaltStack)

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt

CVE IDCVE-2020-11651
VendorSaltStack
ProductSalt
Vulnerability nameSaltStack Salt Authentication Bypass Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and bes
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →