PYSEC-2020-106

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2020-106.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-106

Aliases

Published

2020-11-06T08:15:00Z

Modified

2024-04-22T22:41:44.379266Z

Summary

[none]

Details

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.8.10

Introduced

2015.8.11

Fixed

2015.8.13

Introduced

2016.3.0

Fixed

2016.3.4

Introduced

2016.3.5

Fixed

2016.3.6

Introduced

2016.3.7

Fixed

2016.3.8

Introduced

2016.11.0

Fixed

2016.11.3

Introduced

2016.11.4

Fixed

2016.11.6

Introduced

2016.11.7

Fixed

2016.11.10

Introduced

2017.7.0

Fixed

2017.7.4

Introduced

2017.7.5

Fixed

2017.7.8

Introduced

2018.3.0rc1

Fixed

2018.3.5

Introduced

2019.2.0

Fixed

2019.2.5

Introduced

3000

Fixed

3000.3

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5

2014.7.6

2014.7.7

2015.*

2015.2.0rc1

2015.2.0rc2

2015.5.0

2015.5.1

2015.5.2

2015.5.3

2015.5.4

2015.5.5

2015.5.6

2015.5.7

2015.5.8

2015.5.9

2015.5.10

2015.5.11

2015.8.0rc1

2015.8.0rc2

2015.8.0rc3

2015.8.0rc4

2015.8.0rc5

2015.8.0

2015.8.1

2015.8.2

2015.8.3

2015.8.4

2015.8.5

2015.8.7

2015.8.8

2015.8.8.2

2015.8.9

2015.8.11

2015.8.12

2016.*

2016.3.0

2016.3.1

2016.3.2

2016.3.3

2016.3.5

2016.3.7

2016.11.0

2016.11.1

2016.11.2

2016.11.4

2016.11.5

2016.11.7

2016.11.8

2016.11.9

2017.*

2017.7.0

2017.7.1

2017.7.2

2017.7.3

2017.7.5

2017.7.6

2017.7.7

2018.*

2018.3.0rc1

2018.3.0

2018.3.1

2018.3.2

2018.3.3

2018.3.4

2019.*

2019.2.0

2019.2.1

2019.2.2

2019.2.3

2019.2.4

Other

3000

3000.*

3000.1

3000.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2020-106.yaml"