CVE-2020-16846

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-16846
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-16846.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-16846
Aliases
Downstream
Related
Published
2020-11-06T08:15:13.283Z
Modified
2026-04-10T04:23:38.464154Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c3d2c4eaaef3f26e58d2f676c7456987af866155
Introduced
aaa6f7d80a61637353c9af1229d2754df52ee482
Fixed
e8309a6bbf12b8b803fdbd410e21b8b03d8b5264
Introduced
11acecc43e2c2e4e9a0e73d76b46b035afe8d538
Fixed
7d79ea784414fc73afc85086ce912fda83f3497d
Introduced
a04ab86da15215c01610183e60f4a2af6131f475
Fixed
24c4ae9c2148a0f48e4f28c848a5011e18b57b7a
Introduced
11d176ff1b3c72a529a641c780de6bf70b792253
Fixed
8cf08bd7be0110f965ca768b2e590f68e6b0a519
Introduced
f44724cca5147595557cba04ff215ee31c35fe73
Fixed
40f72db53e2b22e7ef88e1e150caedfdf10772f1
Introduced
e5cd6086a75818885f2bd5bee3d7da3b2c07b110
Fixed
afc61ffe63770a731154f1380a91d566248a8fae
Introduced
d15dce349611a970fff8d3ffb462ef95ce7b2360
Fixed
302776b03c38514667e2292ef3553b6442ee776d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b5b083fd2655e5082e57d70a03a0f8b850e32ee9
Introduced
19bb725698c1ead096a06749d99aad59266fbad8
Fixed
d520f9acc16ac5df744c08fe5153164876c1c9ee
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2765a4d2b9205ffd2af167882953f55ebf9f0214
Introduced
0ca04ffbebb9daeb8469a6e80d868b8a6524bd99
Fixed
5da2de946d243b538926f4992a1ee9a9d865e62d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3c609c16ee0454217f339e987c03eaf61662a853
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b95213ec903402f25c1e0aeb3990fe8452ab63ce
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
998c382f5f2c3b4cbf7d96aa6913ada6993909b3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2015.8.10"
        },
        {
            "introduced": "2015.8.11"
        },
        {
            "fixed": "2015.8.13"
        },
        {
            "introduced": "2016.3.0"
        },
        {
            "fixed": "2016.3.4"
        },
        {
            "introduced": "2016.3.5"
        },
        {
            "fixed": "2016.3.6"
        },
        {
            "introduced": "2016.3.7"
        },
        {
            "fixed": "2016.3.8"
        },
        {
            "introduced": "2016.11.0"
        },
        {
            "fixed": "2016.11.3"
        },
        {
            "introduced": "2016.11.4"
        },
        {
            "fixed": "2016.11.6"
        },
        {
            "introduced": "2016.11.7"
        },
        {
            "fixed": "2016.11.10"
        },
        {
            "introduced": "2017.5.0"
        },
        {
            "fixed": "2017.7.4"
        },
        {
            "introduced": "2017.7.5"
        },
        {
            "fixed": "2017.7.8"
        },
        {
            "introduced": "2018.2.0"
        },
        {
            "fixed": "2018.3.5"
        },
        {
            "introduced": "2019.2.0"
        },
        {
            "fixed": "2019.2.5"
        },
        {
            "introduced": "3000.0"
        },
        {
            "fixed": "3000.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3001"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3002"
        }
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.9
v2014.*
v2014.1
v2014.7
v2015.*
v2015.2
v2015.5
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.1
v2016.11.2
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.9
v2016.3
v2016.3.0
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.5
v2016.3.7
v2016.9
v2017.*
v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2017.7.3
v2018.*
v2018.11
v2018.2
v2018.3
v2018.3.4
v2018.3.5
v2019.*
v2019.2
v2019.2.1
v2019.2.1rc1
v2019.2.2
v2019.2.3
v2019.2.3_docs
v2019.2.4
v2019.2.4_docs
Other
v3000
v3000_docs
v3001
v3001rc1
v3002
v3002rc1
v3000.*
v3000.0rc1
v3000.0rc2
v3000.1
v3000.2
v3000.2_docs
v3001.*
v3001.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-16846.json"