Juniper Networks

Signature Detail

Short Name

APP:MISC:SALTSTACK-SALT-DIR-TRA

Severity

Minor

Recommended

No

Recommended Action

Drop

Category

APP

Keywords

SaltStack Salt ClearFuncs Directory Traversal

Release Date

2020/06/11

Update Number

3289

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: SaltStack Salt ClearFuncs Directory Traversal


This signature detects attempts to exploit a known vulnerability in SaltStack Salt ClearFuncs. A successful attack can lead to arbitrary code execution.

Extended Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Affected Products

  • Debian debian_linux 10
  • Debian debian_linux 9.0
  • Opensuse leap 15.1
  • Saltstack salt 0.10.0
  • Saltstack salt 0.10.1
  • Saltstack salt 0.10.2
  • Saltstack salt 0.10.3
  • Saltstack salt 0.10.4
  • Saltstack salt 0.10.5
  • Saltstack salt 0.11.0
  • Saltstack salt 0.11.1
  • Saltstack salt 0.12.0
  • Saltstack salt 0.12.1
  • Saltstack salt 0.13.0
  • Saltstack salt 0.13.1
  • Saltstack salt 0.13.2
  • Saltstack salt 0.13.3
  • Saltstack salt 0.14.0
  • Saltstack salt 0.14.1
  • Saltstack salt 0.15.0
  • Saltstack salt 0.15.1
  • Saltstack salt 0.15.2
  • Saltstack salt 0.15.3
  • Saltstack salt 0.15.90
  • Saltstack salt 0.16.0
  • Saltstack salt 0.16.1
  • Saltstack salt 0.16.2
  • Saltstack salt 0.16.3
  • Saltstack salt 0.16.4
  • Saltstack salt 0.17.0
  • Saltstack salt 0.17.1
  • Saltstack salt 0.17.2
  • Saltstack salt 0.17.3
  • Saltstack salt 0.17.4
  • Saltstack salt 0.17.5
  • Saltstack salt 0.6.0
  • Saltstack salt 0.7.0
  • Saltstack salt 0.8.0
  • Saltstack salt 0.8.7
  • Saltstack salt 0.8.8
  • Saltstack salt 0.8.9
  • Saltstack salt 0.9.0
  • Saltstack salt 0.9.1
  • Saltstack salt 0.9.2
  • Saltstack salt 0.9.3
  • Saltstack salt 0.9.4
  • Saltstack salt 0.9.5
  • Saltstack salt 0.9.6
  • Saltstack salt 0.9.7
  • Saltstack salt 0.9.8
  • Saltstack salt 0.9.9
  • Saltstack salt 2014.1.0
  • Saltstack salt 2014.1.1
  • Saltstack salt 2014.1.10
  • Saltstack salt 2014.1.11
  • Saltstack salt 2014.1.12
  • Saltstack salt 2014.1.13
  • Saltstack salt 2014.1.2
  • Saltstack salt 2014.1.3
  • Saltstack salt 2014.1.4
  • Saltstack salt 2014.1.5
  • Saltstack salt 2014.1.6
  • Saltstack salt 2014.1.7
  • Saltstack salt 2014.1.8
  • Saltstack salt 2014.1.9
  • Saltstack salt 2014.7.0
  • Saltstack salt 2014.7.1
  • Saltstack salt 2014.7.2
  • Saltstack salt 2014.7.3
  • Saltstack salt 2014.7.4
  • Saltstack salt 2014.7.5
  • Saltstack salt 2014.7.6
  • Saltstack salt 2014.7.7
  • Saltstack salt 2014.7.8
  • Saltstack salt 2014.7.9
  • Saltstack salt 2015.2.0
  • Saltstack salt 2015.5.0
  • Saltstack salt 2015.5.1
  • Saltstack salt 2015.5.10
  • Saltstack salt 2015.5.11
  • Saltstack salt 2015.5.2
  • Saltstack salt 2015.5.3
  • Saltstack salt 2015.5.4
  • Saltstack salt 2015.5.5
  • Saltstack salt 2015.5.6
  • Saltstack salt 2015.5.7
  • Saltstack salt 2015.5.8
  • Saltstack salt 2015.5.9
  • Saltstack salt 2015.8.0
  • Saltstack salt 2015.8.1
  • Saltstack salt 2015.8.10
  • Saltstack salt 2015.8.11
  • Saltstack salt 2015.8.12
  • Saltstack salt 2015.8.13
  • Saltstack salt 2015.8.2
  • Saltstack salt 2015.8.3
  • Saltstack salt 2015.8.4
  • Saltstack salt 2015.8.5
  • Saltstack salt 2015.8.6
  • Saltstack salt 2015.8.7
  • Saltstack salt 2015.8.8
  • Saltstack salt 2015.8.8.2
  • Saltstack salt 2015.8.9
  • Saltstack salt 2016.11.0
  • Saltstack salt 2016.11.1
  • Saltstack salt 2016.11.10
  • Saltstack salt 2016.11.2
  • Saltstack salt 2016.11.3
  • Saltstack salt 2016.11.4
  • Saltstack salt 2016.11.5
  • Saltstack salt 2016.11.6
  • Saltstack salt 2016.11.7
  • Saltstack salt 2016.11.8
  • Saltstack salt 2016.11.9
  • Saltstack salt 2016.3.0
  • Saltstack salt 2016.3.1
  • Saltstack salt 2016.3.2
  • Saltstack salt 2016.3.3
  • Saltstack salt 2016.3.4
  • Saltstack salt 2016.3.5
  • Saltstack salt 2016.3.6
  • Saltstack salt 2016.3.7
  • Saltstack salt 2016.3.8
  • Saltstack salt 2016.3.9
  • Saltstack salt 2017.5.0
  • Saltstack salt 2017.7.0
  • Saltstack salt 2017.7.1
  • Saltstack salt 2017.7.2
  • Saltstack salt 2017.7.3
  • Saltstack salt 2017.7.4
  • Saltstack salt 2017.7.5
  • Saltstack salt 2017.7.6
  • Saltstack salt 2017.7.7
  • Saltstack salt 2017.7.8
  • Saltstack salt 2017.7.9
  • Saltstack salt 2018.11.0
  • Saltstack salt 2018.2.0
  • Saltstack salt 2018.3.0
  • Saltstack salt 2018.3.1
  • Saltstack salt 2018.3.2
  • Saltstack salt 2018.3.3
  • Saltstack salt 2018.3.4
  • Saltstack salt 2018.3.5
  • Saltstack salt 2019.2.0
  • Saltstack salt 2019.2.1
  • Saltstack salt 2019.2.2
  • Saltstack salt 2019.2.3
  • Saltstack salt 3000
  • Saltstack salt 3000.0
  • Saltstack salt 3000.1

References

  • CVE: CVE-2020-11652
  • URL: https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
