VYPR
Critical severityNVD Advisory· Published Nov 6, 2020· Updated Aug 4, 2024

CVE-2020-25592

CVE-2020-25592

Description

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 2015.8.132015.8.13
saltPyPI
>= 2016.3.0, < 2016.3.82016.3.8
saltPyPI
>= 2016.11.0, < 2016.11.102016.11.10
saltPyPI
>= 2017.5.0, < 2017.7.82017.7.8
saltPyPI
>= 2018.2.0, < 2018.3.52018.3.5
saltPyPI
>= 2019.2.0, < 2019.2.72019.2.7
saltPyPI
>= 3000.0, < 3000.53000.5
saltPyPI
>= 3001.0, < 3001.33001.3
saltPyPI
>= 3002.0, < 3002.13002.1

Affected products

81

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.