The vulnerability stems from improper neutralization of user-controlled parameters in the Salt API's SSH client (the `rest_cherrypy` module). Multiple ZDI advisories (ZDI-20-1379 to ZDI-20-1383) explicitly identify parameters such as `ssh_priv`, `tgt`, `ssh_options`, `ssh_port`, and `ssh_remote_port_forwards` as injection vectors. The functions handling API requests incorporated these parameters into SSH command strings without proper sanitization. The SaltStack release notes for the patched versions confirm fixes in these areas by validating inputs. The functions in the `rest_cherrypy` module that process these parameters are the primary points of vulnerability.

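
The flaw class described above, next to one way to close it, as an added illustration; this is not Salt's code or its patch. The function names, the option allowlist, the validation patterns and the sample values are assumptions made for the example.

```python
import re
import shlex

# Assumed policy for this example; not taken from Salt's source or its patch.
ALLOWED_SSH_OPTIONS = {"StrictHostKeyChecking", "ConnectTimeout"}
TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")
KEY_PATH_RE = re.compile(r"/[A-Za-z0-9._/-]+")
OPTION_VALUE_RE = re.compile(r"[A-Za-z0-9]+")


def build_unsafe(tgt, ssh_port):
    """Flawed pattern: request values interpolated into a shell command string."""
    return "ssh -p {0} {1}".format(ssh_port, tgt)


def shell_operators(command):
    """List the control operators a POSIX-style lexer finds in a command string."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and all(c in "();<>|&" for c in tok)]


def build_safe(tgt, ssh_port=22, ssh_priv=None, ssh_options=()):
    """Validate each field, then return an argv list to be run without a shell."""
    if not isinstance(tgt, str) or not TARGET_RE.fullmatch(tgt):
        raise ValueError("tgt is not a plain host name")
    port = int(str(ssh_port), 10)  # ValueError on anything that is not a number
    if not 1 <= port <= 65535:
        raise ValueError("ssh_port out of range")
    argv = ["ssh", "-p", str(port)]
    if ssh_priv is not None:
        key_path = str(ssh_priv)
        if not KEY_PATH_RE.fullmatch(key_path) or ".." in key_path:
            raise ValueError("ssh_priv is not a plain absolute path")
        argv += ["-i", key_path]
    for opt in ssh_options:
        key, _, value = str(opt).partition("=")
        if key not in ALLOWED_SSH_OPTIONS or not OPTION_VALUE_RE.fullmatch(value):
            raise ValueError("ssh_options entry not allowed: %r" % (opt,))
        argv += ["-o", "%s=%s" % (key, value)]
    return argv + [tgt]


if __name__ == "__main__":
    hostile_port = "22;echo INJECTED"  # constructed sample value
    print(shell_operators(build_unsafe("web01", hostile_port)))
    print(build_safe("web01", 2222, "/srv/keys/id_ed25519", ["ConnectTimeout=10"]))
```

The argv list from `build_safe` is meant for `subprocess.run(argv)` with the default `shell=False`. The allowlist on option names matters even then, because an argv list prevents shell parsing but not option injection into `ssh` itself.
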
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| salt | pip | < 2015.8.13 | 2015.8.13 |
| salt | pip | >= 2016.3.0, < 2016.3.8 | 2016.3.8 |
| salt | pip | >= 2016.11.0, < 2016.11.10 | 2016.11.10 |
| salt | pip | >= 2017.5.0, < 2017.7.8 | 2017.7.8 |
| salt | pip | >= 2018.2.0, < 2018.3.5 | 2018.3.5 |
| salt | pip | >= 2019.2.0, < 2019.2.6 | 2019.2.6 |
| salt | pip | >= 3000.0, < 3000.4 | 3000.4 |
| salt | pip | >= 3001, < 3001.2 | 3001.2 |
| salt | pip | >= 3002, < 3002.1 | 3002.1 |