SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
PoC: salt-security-backports
Salt security backports for CVE-2020-11651 & CVE-2020-11652
PoC: CVE-2020-11651-poc
PoC exploit of CVE-2020-11651 and CVE-2020-11652
PoC: CVE-2020-11651
CVE-2020-11651: Proof of Concept
PoC: CVE-2020-11651-CVE-2020-11652-EXP
CVE-2020-11651&&CVE-2020-11652 EXP
PoC: CVE-2020-11651
PoC for CVE-2020-11651
PoC: SaltStack-Exp
CVE-2020-11651&&CVE-2020-11652 EXP
PoC: SaltStack-Exp
CVE-2020-11651&&CVE-2020-11652 EXP
PoC: salt-vulnerabilities
Checks for CVE-2020-11651 and CVE-2020-11652
PoC: CVE-2020-11651
A script that exploits SaltStack CVE-2020-11651 and CVE-2020-11652 to add new users to a vulnerable Salt master by injecting entries into /etc/passwd and /etc/shadow.
PoC: CVE-2020-11651-PoC
Repository that contains a CVE-2020-11651 Exploit updated to work with the latest versions of python.
PoC: salt-rce-scanner-CVE-2020-11651-CVE-2020-11652
Scanning tool to test for SaltStack vulnerabilities CVE-2020-11651 & CVE-2020-11652.
PoC: SaltStack-Exp-1
CVE-2020-11651&&CVE-2020-11652 EXP
PoC: CVE-2020-11651
PoC for CVE-2020-11651
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free