FortiClient Vulnerability

Security Vulnerabilities fixed in Salt Minion 2019.2.4

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Affected Applications

Salt Minion

CVE References

CVE-2020-11651 CVE-2020-11652

Other References

https://docs.saltproject.io/en/latest/topics/releases/2019.2.4.html

ID	4130
Created	Jan 26, 2022
Description Updated	Nov 07, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	SaltStack
Patch	manual
Application	Salt Minion

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Security Vulnerabilities fixed in Salt Minion 2019.2.4

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Security Vulnerabilities fixed in Salt Minion 2019.2.4

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center