CVE-2020-17490
- Source
- https://cve.org/CVERecord?id=CVE-2020-17490
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17490.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-17490
- Aliases
- Downstream
- Related
- Published
- 2020-11-06T08:15:13.347Z
- Modified
- 2026-04-02T04:10:16.654602Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
- https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
- https://security.gentoo.org/glsa/202011-13
- https://www.debian.org/security/2021/dsa-4837
- https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
- https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
Affected packages
Git / github.com/saltstack/salt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/saltstack/salt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2015.8.10" }, { "introduced": "2015.8.11" }, { "fixed": "2015.8.13" }, { "introduced": "2016.3.0" }, { "fixed": "2016.3.4" }, { "introduced": "2016.3.5" }, { "fixed": "2016.3.6" }, { "introduced": "2016.3.7" }, { "fixed": "2016.3.8" }, { "introduced": "2016.11.0" }, { "fixed": "2016.11.3" }, { "introduced": "2016.11.4" }, { "fixed": "2016.11.6" }, { "introduced": "2016.11.7" }, { "fixed": "2016.11.10" }, { "introduced": "2017.5.0" }, { "fixed": "2017.7.4" }, { "introduced": "2017.7.5" }, { "fixed": "2017.7.8" }, { "introduced": "2018.2.0" }, { "fixed": "2018.3.5" }, { "introduced": "2019.2.0" }, { "fixed": "2019.2.5" }, { "introduced": "3000.0" }, { "fixed": "3000.3" }, { "introduced": "0" }, { "last_affected": "3001" } ] }
Affected versions
old-branch-0.*
old-branch-0.11
old-branch-0.12
old-branch-0.13
old-branch-0.14
old-branch-0.15
old-branch-0.16
old-branch-0.17
old-branch-2014.*
old-branch-2014.1
old-branch-2014.7
old-branch-2015.*
old-branch-2015.5
old-branch-2019.*
old-branch-2019.2.3
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.90
v0.16
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17
v0.17.0
v0.17.0rc1
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v2014.*
v2014.1
v2014.1.0
v2014.1.0rc1
v2014.1.0rc2
v2014.1.0rc3
v2014.1.1
v2014.1.10
v2014.1.11
v2014.1.12
v2014.1.13
v2014.1.2
v2014.1.3
v2014.1.4
v2014.1.5
v2014.1.6
v2014.1.7
v2014.1.8
v2014.1.9
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2014.7.9
v2015.*
v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.10
v2015.5.11
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.5
v2015.8.6
v2015.8.7
v2015.8.8
v2015.8.8.2
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.11.4
v2016.11.5
v2016.11.7
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.5
v2016.3.7
v2016.9
v2017.*
v2017.7.5
v2017.7.6
v2017.7.7
v2018.*
v2018.11
v2018.3.1
v2018.3.2
v2018.3.3
v2019.*
v2019.2
v2019.2.0
v2019.2.1
v2019.2.1rc1
v2019.2.2
v2019.2.2.2
v2019.2.2.3
v2019.2.2_docs
v2019.2.3
v2019.2.3_docs
v2019.2.4
v2019.2.4_docs
v2019.8
Other
v3000
v3000_docs
v3001
v3001rc1
v3000.*
v3000.0rc1
v3000.0rc2
v3000.1
v3000.2
v3000.2_docs