← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-11652 — Actively Exploited: Salt (SaltStack)

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

CVE IDCVE-2020-11652
VendorSaltStack
ProductSalt
Vulnerability nameSaltStack Salt Path Traversal Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →