CVE-2020-25592

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25592

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25592.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25592

Aliases

Downstream

DLA-2480-1

DSA-4837-1

SUSE-SU-2020:14538-1

SUSE-SU-2020:3155-1

SUSE-SU-2020:3171-1

SUSE-SU-2020:3235-1

SUSE-SU-2020:3243-1

SUSE-SU-2020:3244-1

SUSE-SU-2020:3245-1

SUSE-SU-2020:3250-1

SUSE-SU-2020:3251-1

SUSE-SU-2021:2105-1

SUSE-SU-2021:2106-1

UBUNTU-CVE-2020-25592

USN-6948-1

openSUSE-SU-2020:1833-1

openSUSE-SU-2020:1868-1

openSUSE-SU-2021:0899-1

openSUSE-SU-2021:2106-1

openSUSE-SU-2024:11364-1

Related

Published

2020-11-06T08:15:13.503Z

Modified

2026-02-11T14:26:37.595757Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2765a4d2b9205ffd2af167882953f55ebf9f0214

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3c609c16ee0454217f339e987c03eaf61662a853

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5b083fd2655e5082e57d70a03a0f8b850e32ee9

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c3d2c4eaaef3f26e58d2f676c7456987af866155

Introduced

0ca04ffbebb9daeb8469a6e80d868b8a6524bd99

Fixed

5da2de946d243b538926f4992a1ee9a9d865e62d

Introduced

11acecc43e2c2e4e9a0e73d76b46b035afe8d538

Fixed

7d79ea784414fc73afc85086ce912fda83f3497d

Introduced

11d176ff1b3c72a529a641c780de6bf70b792253

Fixed

8cf08bd7be0110f965ca768b2e590f68e6b0a519

Introduced

19bb725698c1ead096a06749d99aad59266fbad8

Fixed

d520f9acc16ac5df744c08fe5153164876c1c9ee

Introduced

a04ab86da15215c01610183e60f4a2af6131f475

Fixed

24c4ae9c2148a0f48e4f28c848a5011e18b57b7a

Introduced

aaa6f7d80a61637353c9af1229d2754df52ee482

Fixed

e8309a6bbf12b8b803fdbd410e21b8b03d8b5264

Introduced

d15dce349611a970fff8d3ffb462ef95ce7b2360

Fixed

302776b03c38514667e2292ef3553b6442ee776d

Introduced

e5cd6086a75818885f2bd5bee3d7da3b2c07b110

Fixed

afc61ffe63770a731154f1380a91d566248a8fae

Introduced

f44724cca5147595557cba04ff215ee31c35fe73

Fixed

40f72db53e2b22e7ef88e1e150caedfdf10772f1

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

old-branch-2016.*

old-branch-2016.3

v2015.*

v2015.8.11

v2015.8.12

v2015.8.13

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.11.4

v2016.11.5

v2016.11.6

v2016.3.0

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.3.6

v2016.9

v2017.*

v2017.5

v2017.7

v2017.7.0

v2017.7.0rc1

v2017.7.1

v2017.7.3

v2019.*

v2019.2.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25592.json"