admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-16846

Browse Source
This commit is contained in:
tardc 2020-11-20 10:32:03 +08:00
parent b146db1e67
commit 7735122829
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
SaltStack/CVE-2020-16846/CVE-2020-16846.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 607 KiB

11
SaltStack/CVE-2020-16846/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2020-16846 SaltStack RCE Vulnerability
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
**Affected version**: SaltStack Salt < 3002
**[FOFA](https://fofa.so/result?q=header%3D%22application%2Fjson%22+%26%26+header%3D%22CherryPy%22+%26%26+body%3D%22clients%22&qbase64=aGVhZGVyPSJhcHBsaWNhdGlvbi9qc29uIiAmJiBoZWFkZXI9IkNoZXJyeVB5IiAmJiBib2R5PSJjbGllbnRzIg%3D%3D&file=&file=) query rule**: header="application/json" && header="CherryPy" && body="clients"
# Demo
![](CVE-2020-16846.gif)