CVE-2020-17490
pypi/salt
Incorrect Permission Assignment for Critical Resource
The TLS module within SaltStack Salt creates certificates with weak file permissions.
All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.3.8, all versions starting from 2016.11.0 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 before 2018.3.5, all versions starting from 2019.2.0 before 2019.2.5, all versions starting from 3000.0 before 3000.3, version 3001
Upgrade to versions 2015.8.13, 2016.3.8, 2016.11.10, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3, 3001.1 or above.
2020-11-17
source |