CVE-2020-11652 vulnerability in SaltStack and Other Products
Published on April 30, 2020

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Vendor Advisory NVD

Known Exploited Vulnerability

This SaltStack directory traversal failure to sanitize untrusted input vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2020-11652 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2020-11652 has been classified to as a Directory traversal vulnerability or weakness.

Products Associated with CVE-2020-11652

You can be notified by stack.watch whenever vulnerabilities like CVE-2020-11652 are published in these products:

SaltStack Salt

Debian Linux

OpenSuse Leap

Canonical Ubuntu Linux

Blackberry Workspaces Server

VMware Application Remote Collector

What versions are vulnerable to CVE-2020-11652?

SaltStack Salt Fixed in Version 2019.2.4
SaltStack Salt Version 3000 Fixed in Version 3000.2

OpenSuse Leap Version 15.1

Debian Linux Version 8.0
Debian Linux Version 9.0
Debian Linux Version 10.0

Canonical Ubuntu Linux Version 16.04
Canonical Ubuntu Linux Version 18.04

Blackberry Workspaces Server Up to Version 7.1.3
Blackberry Workspaces Server Version 8.0.0 through 8.2.6
Blackberry Workspaces Server Version 9.1.0