CVE-2020-28243

Type: Command Injection
Severity: Medium
Publication date: 02/27/2021
Last modified: 03/31/2021
Description
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.
Impact
Access Vector: Local
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partial impact on system integrity + Partial impact on system confidentiality + Partial impact on system availability
Vulnerable software and versions
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page