CVE-2020-28972

Source
https://cve.org/CVERecord?id=CVE-2020-28972
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28972.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-28972
Aliases
Downstream
Related
Published
2021-02-27T05:15:13.690Z
Modified
2026-02-13T02:13:26.608941Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events

Affected versions

old-branch-2014.*
old-branch-2014.7
old-branch-2015.*
old-branch-2015.5
old-branch-2015.8
v2015.*
v2015.8.11
v2015.8.12
v2015.8.13
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.3.0
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.3.5
v2016.9
v2019.*
v2019.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28972.json"