TT Vulnerability Blog


CVE-2020-11652 [SaltStack] (Summary)


◆Critical SaltStack vulnerability affects thousands of datacentres (ComputerWeekly, 2020/04/30 15:53)

Critical vulnerabilities in the Salt remote task and configuration framework enable hackers to take control of cloud servers and must be patched right away

◆SaltStack Salt critical bugs allow data center, cloud server hijacking as root (ZDNet, 2020/05/01)

◆SaltStack Patches Critical Vulnerabilities in Salt (US-CERT, 2020/05/01)

◆Serious vulnerabilities in the infrastructure configuration management tool "SaltStack" - exploit code published, address promptly (Security NEXT, 2020/05/07)


◆CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild (Tenable, 2020/05/03)

◆CRITICAL VULNERABILITIES UPDATE: CVE-2020-11651 AND CVE-2020-11652 (SaltStack, 2020/05/04)

【Exploit Code】

◆PoC exploit for CVE-2020-11651 and CVE-2020-11652 (jesperla, 2020/05/04)

◆Saltstack 3000.1 - Remote Code Execution (Exploit Database, 2020/05/04)
⇒ ttps://


◆SaltStack authorization bypass (F-Secure, 2020/04/30)

◆Alert regarding multiple vulnerabilities in SaltStack Salt (CVE-2020-11651, CVE-2020-11652) (JPCERT/CC, 2020/05/07)

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2022