9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-11651

GHSA ID

GHSA-pjhf-vpx3-33r3

EPSS Score

0.99957%

CWE

CWE-20

Published

5/24/2022

Updated

10/26/2024

KEV Status

Yes

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-11651

CVE-2020-11651: SaltStack Salt Unauthenticated Remote Code Execution

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-11651

GHSA ID

GHSA-pjhf-vpx3-33r3

EPSS Score

0.99957%

CWE

CWE-20

Published

5/24/2022

Updated

10/26/2024

KEV Status

Yes

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
salt	pip	< 2019.2.4	2019.2.4
salt	pip	>= 3000, < 3000.2	3000.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the ClearFuncs class in Salt's salt-master process failing to validate method calls. The advisory explicitly identifies ClearFuncs as the source, and the patched versions introduced allowlists for exposed methods. Critical methods like _prep_auth_info (token retrieval), publish (command execution), and wheel (master-level operations) were accessible without authentication. These functions align with the CVE's description of token theft and remote code execution. The confidence is high due to the direct correlation between the vulnerability's mechanics and the functions' roles in Salt's RPC architecture.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in S*ltSt**k S*lt ***or* ****.*.* *n* **** ***or* ****.*. T** s*lt-m*st*r pro**ss *l**r*un*s *l*ss *o*s not prop*rly v*li**t* m*t*o* **lls. T*is *llows * r*mot* us*r to ****ss som* m*t*o*s wit*out *ut**nti**tion. T**s* m*t*o*s

Reasoning

T** vuln*r**ility st*ms *rom t** *l**r*un*s *l*ss in S*lt's s*lt-m*st*r pro**ss **ilin* to v*li**t* m*t*o* **lls. T** **visory *xpli*itly i**nti*i*s *l**r*un*s *s t** sour**, *n* t** p*t**** v*rsions intro*u*** *llowlists *or *xpos** m*t*o*s. *riti**

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-11651: SaltStack Salt Unauthenticated Remote Code Execution

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI