COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-16846

CVE-2020-16846

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-16846
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Players implicated

SaltStack · vendorSalt · product

Description

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.