Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/app-admin/salt@3000.5
Typeebuild
Namespaceapp-admin
Namesalt
Version3000.5
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3000.8
Latest_non_vulnerable_version3006.6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-cubj-wrbp-1qbu
vulnerability_id VCID-cubj-wrbp-1qbu
summary An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16846.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16846.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-16846
reference_id
reference_type
scores
0
value 0.94387
scoring_system epss
scoring_elements 0.99972
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-16846
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-104.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-104.yaml
9
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
10
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
11
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
12
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
13
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12
14
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://github.com/saltstack/salt/releases
15
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
16
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-16846
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-16846
21
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://security.gentoo.org/glsa/202011-13
22
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846
23
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.debian.org/security/2021/dsa-4837
24
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
25
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
26
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1379
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-20-1379
27
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
28
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1380
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-20-1380
29
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
30
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1381
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-20-1381
31
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
32
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1382
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-20-1382
33
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
34
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1383
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-20-1383
35
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1895449
reference_id 1895449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1895449
37
reference_url https://github.com/advisories/GHSA-qr38-h96j-2j3w
reference_id GHSA-qr38-h96j-2j3w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qr38-h96j-2j3w
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:49:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
39
reference_url https://usn.ubuntu.com/6948-1/
reference_id USN-6948-1
reference_type
scores
url https://usn.ubuntu.com/6948-1/
40
reference_url https://usn.ubuntu.com/7181-1/
reference_id USN-7181-1
reference_type
scores
url https://usn.ubuntu.com/7181-1/
fixed_packages
0
url pkg:ebuild/app-admin/salt@3000.5
purl pkg:ebuild/app-admin/salt@3000.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/salt@3000.5
aliases CVE-2020-16846, GHSA-qr38-h96j-2j3w, PYSEC-2020-104
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cubj-wrbp-1qbu
1
url VCID-j5th-837s-fkft
vulnerability_id VCID-j5th-837s-fkft
summary In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25592.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25592.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25592
reference_id
reference_type
scores
0
value 0.44938
scoring_system epss
scoring_elements 0.97657
published_at 2026-06-05T12:55:00Z
1
value 0.44938
scoring_system epss
scoring_elements 0.97652
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25592
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
7
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.saltstack.com/en/latest/topics/releases/index.html
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-106.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-106.yaml
10
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
11
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.7.rst#L12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.7.rst#L12
12
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.5.rst#L12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.5.rst#L12
13
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.3.rst#L12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.3.rst#L12
14
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L14
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L14
15
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25592
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25592
19
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202011-13
20
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4837
21
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
22
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1895454
reference_id 1895454
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1895454
24
reference_url https://github.com/advisories/GHSA-29j3-2446-5j4w
reference_id GHSA-29j3-2446-5j4w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29j3-2446-5j4w
25
reference_url https://usn.ubuntu.com/6948-1/
reference_id USN-6948-1
reference_type
scores
url https://usn.ubuntu.com/6948-1/
fixed_packages
0
url pkg:ebuild/app-admin/salt@3000.5
purl pkg:ebuild/app-admin/salt@3000.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/salt@3000.5
aliases CVE-2020-25592, GHSA-29j3-2446-5j4w, PYSEC-2020-106
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5th-837s-fkft
2
url VCID-jbea-m4ak-tqd7
vulnerability_id VCID-jbea-m4ak-tqd7
summary The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17490.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17490.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17490
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14553
published_at 2026-06-05T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14483
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17490
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592
6
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-105.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-105.yaml
9
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
10
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10
11
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10
12
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10
13
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L13
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L13
14
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17490
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17490
18
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202011-13
19
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4837
20
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves
21
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1895451
reference_id 1895451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1895451
23
reference_url https://github.com/advisories/GHSA-3c56-vx6v-q5vh
reference_id GHSA-3c56-vx6v-q5vh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3c56-vx6v-q5vh
24
reference_url https://usn.ubuntu.com/6948-1/
reference_id USN-6948-1
reference_type
scores
url https://usn.ubuntu.com/6948-1/
fixed_packages
0
url pkg:ebuild/app-admin/salt@3000.5
purl pkg:ebuild/app-admin/salt@3000.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/salt@3000.5
aliases CVE-2020-17490, GHSA-3c56-vx6v-q5vh, PYSEC-2020-105
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbea-m4ak-tqd7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/salt@3000.5