Main Vulnerability Database Exploits ID:5183 - Exploit for Security restrictions bypass in Salt - CVE-2020-28243

ID:5183 - Exploit for Security restrictions bypass in Salt - CVE-2020-28243

Published: February 28, 2021

Vulnerability identifier: #VU50988

Vulnerability risk: Medium

CVE-ID: CVE-2020-28243

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Salt

Link to public exploit:

https://github.com/stealthcopter/CVE-2020-28243

Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation. A remote user can create files in any non-blacklisted directory via a command injection in a process name.

Remediation

Install updates from vendor's website.

ID:5183 - Exploit for Security restrictions bypass in Salt - CVE-2020-28243

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human