CVE-2020-25592 – In SaltStack Salt through 3002, salt-netapi improperly validates eauth cr

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592

Reference (s):

• https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
• DEBIAN:DSA-4837
• URL: https://www.debian.org/security/2021/dsa-4837
• FEDORA:FEDORA-2020-9e040bd6dd
• URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/