CVE advisoryKnown Exploit
CVE-2020-16846
Salt API Shell Injection Vulnerability
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability exists in Salt versions prior to 3002, allowing unauthorized command execution on the Salt API. This impacts organizations using the Salt API with an enabled SSH client. Exploitation poses a business risk of system compromise and data integrity issues.