Vulnerability Database
Blog
FAQ
Docs
PYSEC-2020-105
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2020-105.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-105
Aliases
CVE-2020-17490
GHSA-3c56-vx6v-q5vh
Published
2020-11-06T08:15:00Z
Modified
2024-04-22T22:41:54.956885Z
Summary
[none]
Details
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
References
https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
https://security.gentoo.org/glsa/202011-13
https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
https://www.debian.org/security/2021/dsa-4837
Affected packages
PyPI
/
salt
Package
Name
salt
View open source insights on deps.dev
Purl
pkg:pypi/salt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2015.8.10
Introduced
2015.8.11
Fixed
2015.8.13
Introduced
2016.3.0
Fixed
2016.3.4
Introduced
2016.3.5
Fixed
2016.3.6
Introduced
2016.3.7
Fixed
2016.3.8
Introduced
2016.11.0
Fixed
2016.11.3
Introduced
2016.11.4
Fixed
2016.11.6
Introduced
2016.11.7
Fixed
2016.11.10
Introduced
2017.7.0
Fixed
2017.7.4
Introduced
2017.7.5
Fixed
2017.7.8
Introduced
2018.3.0rc1
Fixed
2018.3.5
Introduced
2019.2.0
Fixed
2019.2.5
Introduced
3000
Fixed
3000.3
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5
2014.7.6
2014.7.7
2015.*
2015.2.0rc1
2015.2.0rc2
2015.5.0
2015.5.1
2015.5.2
2015.5.3
2015.5.4
2015.5.5
2015.5.6
2015.5.7
2015.5.8
2015.5.9
2015.5.10
2015.5.11
2015.8.0rc1
2015.8.0rc2
2015.8.0rc3
2015.8.0rc4
2015.8.0rc5
2015.8.0
2015.8.1
2015.8.2
2015.8.3
2015.8.4
2015.8.5
2015.8.7
2015.8.8
2015.8.8.2
2015.8.9
2015.8.11
2015.8.12
2016.*
2016.3.0
2016.3.1
2016.3.2
2016.3.3
2016.3.5
2016.3.7
2016.11.0
2016.11.1
2016.11.2
2016.11.4
2016.11.5
2016.11.7
2016.11.8
2016.11.9
2017.*
2017.7.0
2017.7.1
2017.7.2
2017.7.3
2017.7.5
2017.7.6
2017.7.7
2018.*
2018.3.0rc1
2018.3.0
2018.3.1
2018.3.2
2018.3.3
2018.3.4
2019.*
2019.2.0
2019.2.1
2019.2.2
2019.2.3
2019.2.4
Other
3000
3000.*
3000.1
3000.2
PYSEC-2020-105 - OSV