FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6bf55af9-973b-11ea-9f2c-38d547003487	salt -- multiple vulnerabilities in salt-master process F-Secure reports: CVE-2020-11651 - Authentication bypass vulnerabilities The ClearFuncs class processes unauthenticated requests and unintentionally exposes the _send_pub() method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions to run arbitrary commands as root. The ClearFuncs class also exposes the method _prep_auth_info(), which returns the "root key" used to authenticate commands from the local root user on the master server. This "root key" can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master. CVE-2020-11652 - Directory traversal vulnerabilities The wheel module contains commands used to read and write files under specific directory paths. The inputs to these functions are concatenated with the target directory and the resulting path is not canonicalized, leading to an escape of the intended path restriction. The get_token() method of the salt.tokens.localfs class (which is exposed to unauthenticated requests by the ClearFuncs class) fails to sanitize the token input parameter which is then used as a filename, allowing insertion of ".." path elements and thus reading of files outside of the intended directory. The only restriction is that the file has to be deserializable by salt.payload.Serial.loads(). Discovery 2020-04-30 Entry 2020-05-16 py27-salt py32-salt py33-salt py34-salt py35-salt py36-salt py37-salt py38-salt < 2019.2.4 ge 3000 lt 3000.2 CVE-2020-11651 CVE-2020-11652 https://nvd.nist.gov/vuln/detail/CVE-2020-11651 https://nvd.nist.gov/vuln/detail/CVE-2020-11652 https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html https://labs.f-secure.com/advisories/saltstack-authorization-bypass https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/ https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild

VuXML ID

Description

6bf55af9-973b-11ea-9f2c-38d547003487

salt -- multiple vulnerabilities in salt-master process

F-Secure reports:

CVE-2020-11651 - Authentication bypass vulnerabilities

The ClearFuncs class processes unauthenticated requests and unintentionally exposes the _send_pub() method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions to run arbitrary commands as root.

The ClearFuncs class also exposes the method _prep_auth_info(), which returns the "root key" used to authenticate commands from the local root user on the master server. This "root key" can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master.

CVE-2020-11652 - Directory traversal vulnerabilities

The wheel module contains commands used to read and write files under specific directory paths. The inputs to these functions are concatenated with the target directory and the resulting path is not canonicalized, leading to an escape of the intended path restriction.

The get_token() method of the salt.tokens.localfs class (which is exposed to unauthenticated requests by the ClearFuncs class) fails to sanitize the token input parameter which is then used as a filename, allowing insertion of ".." path elements and thus reading of files outside of the intended directory. The only restriction is that the file has to be deserializable by salt.payload.Serial.loads().

Discovery 2020-04-30
Entry 2020-05-16
py27-salt
py32-salt
py33-salt
py34-salt
py35-salt
py36-salt
py37-salt
py38-salt

< 2019.2.4

ge 3000 lt 3000.2

CVE-2020-11651
CVE-2020-11652
https://nvd.nist.gov/vuln/detail/CVE-2020-11651
https://nvd.nist.gov/vuln/detail/CVE-2020-11652
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild