
CVE-2020-28972: SaltStack Salt Improper Certificate Validation

CVSS Score: 5.9 (CVSS v3.1)

Basic Information

EPSS Score: 0.6613%
Published: 5/24/2022
Updated: 10/26/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions        | First Patched Version
salt         | pip       | < 2015.8.13                | 2015.8.13
salt         | pip       | >= 2016.3.0, < 2016.11.5   | 2016.11.5
salt         | pip       | >= 2016.11.7, < 2016.11.10 | 2016.11.10
salt         | pip       | >= 2017.5.0, < 2017.7.8    | 2017.7.8
salt         | pip       | >= 2018.2.0, <= 2018.3.5   |
salt         | pip       | >= 2019.2.0, < 2019.2.8    | 2019.2.8
salt         | pip       | >= 3000, < 3000.7          | 3000.7
salt         | pip       | >= 3001, < 3001.5          | 3001.5
salt         | pip       | >= 3002, < 3002.3          | 3002.3

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability (CVE-2020-28972) explicitly references improper certificate validation in VMware-related vmware.py files. SaltStack's own release notes for patched versions (3002.3, 3001.5, 3000.7) confirm that SSL validation was not enforced by default in these modules. The get_service_instance and _get_service_instance functions are core to establishing VMware connections in SaltStack, and the vulnerability description aligns with missing certificate checks in these functions. Third-party advisories (Gentoo, Fedora) and the CVE's focus on VMware authentication further corroborate this assessment.


WAF Protection Rules

WAF Rule

In SaltStack Salt before ****.*, authentication to VMware vCenter, vSphere, and ESXi servers (in the `vmware.py` files) does not always validate the SSL/TLS certificate.
