Base Score

MEDIUM5.5

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

VectorLOCAL

Published Bycve@mitre.org

Published DateNov 06, 2020, 08:15

Affected Versions(9)

salt(PyPI)

Introduced0

Fixed2015.8.13

LimitN/A

salt(PyPI)

Introduced2016.3.0

Fixed2016.3.8

LimitN/A

salt(PyPI)

Introduced2016.11.0

Fixed2016.11.10

LimitN/A

salt(PyPI)

Introduced2017.5.0

Fixed2017.7.8

LimitN/A

salt(PyPI)

Introduced2018.2.0

Fixed2018.3.5

LimitN/A

salt(PyPI)

Introduced2019.2.0

Fixed2019.2.6

LimitN/A

salt(PyPI)

Introduced3000

Fixed3000.4

LimitN/A

salt(PyPI)

Introduced3001

Fixed3001.2

LimitN/A

salt(PyPI)

Introduced3002

Fixed3002.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
salt(PyPI)	0	2015.8.13	N/A
salt(PyPI)	2016.3.0	2016.3.8	N/A
salt(PyPI)	2016.11.0	2016.11.10	N/A
salt(PyPI)	2017.5.0	2017.7.8	N/A
salt(PyPI)	2018.2.0	2018.3.5	N/A
salt(PyPI)	2019.2.0	2019.2.6	N/A
salt(PyPI)	3000	3000.4	N/A
salt(PyPI)	3001	3001.2	N/A
salt(PyPI)	3002	3002.1	N/A

Weakness Type (CWE):CWE-732

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-732

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

Package (Ecosystem)

Introduced

Fixed

Limit

salt(PyPI)

2015.8.13

N/A

salt(PyPI)

2016.3.0

2016.3.8

N/A

salt(PyPI)

2016.11.0

2016.11.10

N/A

salt(PyPI)

2017.5.0

2017.7.8

N/A

salt(PyPI)

2018.2.0

2018.3.5

N/A

salt(PyPI)

2019.2.0

2019.2.6

N/A

salt(PyPI)

3000

3000.4

N/A

salt(PyPI)

3001

3001.2

N/A

salt(PyPI)

3002

3002.1

N/A