TT Vulnerability Blog

A log of "personal" investigation and research into vulnerability information

CVE-2020-11652 [SaltStack] (Summary)

【News】

◆Critical SaltStack vulnerability affects thousands of datacentres (ComputerWeekly, 2020/04/30 15:53)

Critical vulnerabilities in the Salt remote task and configuration framework enable hackers to take control of cloud servers and must be patched right away

https://www.computerweekly.com/news/252482461/Critical-SaltStack-vulnerability-affects-thousands-of-datacentres
https://vul.hatenadiary.com/entry/2020/04/30/000000_2

◆SaltStack Salt critical bugs allow data center, cloud server hijacking as root (ZDNet, 2020/05/01)
https://www.zdnet.com/article/saltstack-salt-critical-bugs-allow-data-center-cloud-server-hijacking-as-root/
https://vul.hatenadiary.com/entry/2020/05/01/000000_1

◆SaltStack Patches Critical Vulnerabilities in Salt (US-CERT, 2020/05/01)
https://www.us-cert.gov/ncas/current-activity/2020/05/01/saltstack-patches-critical-vulnerabilities-salt
https://vul.hatenadiary.com/entry/2020/05/01/000000

◆Critical vulnerability in infrastructure configuration management tool "SaltStack" - exploit code published, address promptly (Security NEXT, 2020/05/07)
http://www.security-next.com/114633
https://vul.hatenadiary.com/entry/2020/05/07/000000_1


【Blog】

◆CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild (Tenable, 2020/05/03)
https://jp.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
https://vul.hatenadiary.com/entry/2020/05/03/000000

◆CRITICAL VULNERABILITIES UPDATE: CVE-2020-11651 AND CVE-2020-11652 (SaltStack, 2020/05/04)
https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/
https://vul.hatenadiary.com/entry/2020/05/04/000000


【Exploit Code】

◆PoC exploit for CVE-2020-11651 and CVE-2020-11652 (jasperla, 2020/05/04)
https://github.com/jasperla/CVE-2020-11651-poc
https://vul.hatenadiary.com/entry/2020/05/04/000000_2

◆Saltstack 3000.1 - Remote Code Execution (Exploit Database, 2020/05/04)
https://www.exploit-db.com/exploits/48421
https://vul.hatenadiary.com/entry/2020/05/04/000000_1


【Public Information】

◆SaltStack authorization bypass (F-Secure, 2020/04/30)
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
https://vul.hatenadiary.com/entry/2020/04/30/000000

◆Alert regarding multiple vulnerabilities in SaltStack Salt (CVE-2020-11651, CVE-2020-11652) (JPCERT/CC, 2020/05/07)
https://www.jpcert.or.jp/at/2020/at200020.html
https://vul.hatenadiary.com/entry/2020/05/07/000000


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2022