VYPR
High severity7.8NVD Advisory· Published Feb 27, 2021· Updated Jun 17, 2026

CVE-2020-28243

CVE-2020-28243

Description

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 2015.8.132015.8.13
saltPyPI
>= 2016.3.0, < 2016.11.52016.11.5
saltPyPI
>= 2016.11.7, < 2016.11.102016.11.10
saltPyPI
>= 2017.5.0, < 2017.7.82017.7.8
saltPyPI
>= 2018.2.0, <= 2018.3.5
saltPyPI
>= 2019.2.0, < 2019.2.82019.2.8
saltPyPI
>= 3000, < 3000.73000.7
saltPyPI
>= 3001, < 3001.53001.5
saltPyPI
>= 3002, < 3002.33002.3

Affected products

32

Patches

Vulnerability mechanics

References

24

News mentions

0

No linked articles in our index yet.

CVE-2020-28243 · High · VYPR