CVE-2020-11652

CISA description

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Required action

Apply updates per vendor instructions.

Notes & references

• https://nvd.nist.gov/vuln/detail/CVE-2020-11652

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2020-11652
• CVE.org · CVE-2020-11652
• CISA KEV catalog (canonical)