CVE-2020-25592

Improper Input Validation in pypi/salt

Identifier

CVE-2020-25592

Package Slug

pypi/salt

Vulnerability

Improper Input Validation

Description

In SaltStack Salt, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

Affected Versions

All versions before 3002.1

Solution

Upgrade to version 3002.1 or above.

Last Modified

2020-11-17

source