NVD disclosure day

Published threat advisories for April 30, 2020

CVE-2020-11652

Salt System Path Traversal Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

SaltStack Salt has a path traversal vulnerability allowing authenticated users to access unauthorized directories. This could lead to sensitive data exposure, impacting business confidentiality. Organizations should update affected versions to mitigate this risk.

NVD published: April 30, 2020 • CISA KEV

CVE advisoryKnown Exploit

CVE-2020-11651

Salt Master Authentication Bypass Leading to Command Execution.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in SaltStack Salt allows unauthenticated remote access to sensitive methods, potentially enabling attackers to execute arbitrary commands on managed systems. This poses a risk of unauthorized control over infrastructure and data compromise. Organizations using affected versions should prioritize remedia

NVD published: April 30, 2020 • CISA KEV