CVE-2020-16846

CVE Database · CVE-2020-16846

CVE-2020-16846

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.59%

Published

Nov 6, 2020

Modified

Nov 7, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (4)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCzomy22/CVE-2020-16846-Saltstack-Salt-API★0 GitHub PoChamza-boudouche/projet-secu★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (19)

saltstack · salt (up to 2015.8.10)vulnerable

saltstack · salt (up to 2015.8.13)vulnerable

saltstack · salt (up to 2016.3.4)vulnerable

saltstack · salt (up to 2016.3.6)vulnerable

saltstack · salt (up to 2016.3.8)vulnerable

saltstack · salt (up to 2016.11.3)vulnerable

saltstack · salt (up to 2016.11.6)vulnerable

saltstack · salt (up to 2016.11.10)vulnerable

· salt

References (20)

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://github.com/saltstack/salt/releases

Release Notes

https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html

Mailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs