CVE-2020-17490

Incorrect Permission Assignment for Critical Resource in pypi/salt

Identifiers

CVE-2020-17490

Package Slug

pypi/salt

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

The TLS module within SaltStack Salt creates certificates with weak file permissions.

Affected Versions

All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.3.8, all versions starting from 2016.11.0 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 before 2018.3.5, all versions starting from 2019.2.0 before 2019.2.5, all versions starting from 3000.0 before 3000.3, version 3001

Solution

Upgrade to versions 2015.8.13, 2016.3.8, 2016.11.10, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3, 3001.1 or above.

Last Modified

2020-11-17

source