Exploit for #VU27495 Path traversal in Salt

Vulnerability identifier: #VU27495

Vulnerability risk: Medium

CVSSv4.0: 7.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2020-11652

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 14

• March 22, 2024
  • CVE-2020-11652-POC (This is a fix POC CVE-2020-11651 & CVE-2020-11651) [Github]
• December 28, 2020
  • CVE-2020-11652 (CVE-2020-11652 & CVE-2020-11651) [Github]
• December 2, 2020
  • salt-rce-scanner-CVE-2020-11651-CVE-2020-11652 (Scanning tool to test for SaltStack vulnerabilities CVE-2020-11651 & CVE-2020-11652.) [Github]
• June 3, 2020
  • salt-vulnerabilities (Checks for CVE-2020-11651 and CVE-2020-11652) [Github]
  • SaltStack-Exp (CVE-2020-11651&&CVE-2020-11652 EXP) [Github]
  • SaltStack-Exp (CVE-2020-11651&&CVE-2020-11652 EXP) [Github]
  • CVE-2020-11651-CVE-2020-11652-EXP (CVE-2020-11651&&CVE-2020-11652 EXP) [Github]
  • salt-security-backports (Salt security backports for CVE-2020-11651 & CVE-2020-11652) [Github]
  • CVE-2020-11652 (saltstack CVE-2020-11652 ) [Github]
• May 12, 2020
  • SaltStack Salt Master/Minion Unauthenticated RCE [Metasploit]
  • SaltStack Salt Master Server Root Key Disclosure [Metasploit]
• May 11, 2020
  • Saltstack 3000.1 - Remote Code Execution [Exploit-DB]
  • CVE-2020-11651 (SaltStack exploit compatible with IP lists with customizable payload) [Github]
• May 4, 2020
  • CVE-2020-11651-poc (PoC exploit of CVE-2020-11651 and CVE-2020-11652) [Github]

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack