application_remote_collector Details

application_remote_collector

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

0Vulnerabilities found

CVE-2020-11652

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-94.20% / 99.91%

7 Day CHG~0.00%

Published-30 Apr, 2020 | 17:00

Updated-30 Jul, 2025 | 01:45

Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Vendor-saltstack n/a SaltStack VMware (Broadcom Inc.)BlackBerry Limited openSUSE Canonical Ltd.Debian GNU/Linux

Product-leap ubuntu_linux application_remote_collector workspaces_server salt debian_linux n/a Salt

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-11651

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-94.39% / 99.97%

7 Day CHG~0.00%

Published-30 Apr, 2020 | 16:58

Updated-30 Jul, 2025 | 01:45

Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Vendor-saltstack n/a SaltStack Canonical Ltd.openSUSE VMware (Broadcom Inc.)Debian GNU/Linux

Product-leap ubuntu_linux application_remote_collector salt debian_linux n/a Salt