CVE-2020-17490
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-17490
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17490.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-17490
Aliases
GHSA-3c56-vx6v-q5vh
PYSEC-2020-105
Related
DLA-2480-1
DSA-4837-1
SUSE-SU-2020:14538-1
SUSE-SU-2020:3155-1
SUSE-SU-2020:3171-1
SUSE-SU-2020:3235-1
SUSE-SU-2020:3243-1
SUSE-SU-2020:3244-1
SUSE-SU-2020:3245-1
SUSE-SU-2020:3250-1
SUSE-SU-2020:3251-1
UBUNTU-CVE-2020-17490
USN-6948-1
openSUSE-SU-2020:1833-1
openSUSE-SU-2020:1868-1
Published
2020-11-06T08:15:13Z
Modified
2024-10-12T06:18:28.831206Z
Severity
5.5 (Medium)
CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
References
https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
https://security.gentoo.org/glsa/202011-13
https://www.debian.org/security/2021/dsa-4837
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
Affected packages
Git / github.com/saltstack/salt
Affected ranges
Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
11acecc43e2c2e4e9a0e73d76b46b035afe8d538
Fixed
7d79ea784414fc73afc85086ce912fda83f3497d
Affected versions
old-branch-2014.*
old-branch-2014.7
old-branch-2015.*
old-branch-2015.5
v2015.*
v2015.8.11
v2015.8.12
v2016.*
v2016.3.0
v2016.3.1
v2016.3.2
v2016.3.3