COOEY // HUBcompliance · community · intelligence

FAIL › dossier

SaltStack vendor

3
failure events
0
zero-days
1
RCEs
3
on KEV
0
critical
65
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 3 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2020-16846 high ⚡RCE ⌖KEV 65 SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.
2021-11-03 CVE-2020-11652 high ⌖KEV 50 SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
2021-11-03 CVE-2020-11651 high ⌖KEV 50 SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the