CVE-2020-11651 PoC — SaltStack Salt 安全漏洞

Source

https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652

Associated Vulnerability

Title:SaltStack Salt 安全漏洞 (CVE-2020-11651)
Description:SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 2019.2.4之前版本和3000.2之前的3000.x版本中存在安全漏洞，该漏洞源于salt-master进程的ClearFuncs类没有正确验证方法的调用。远程攻击者可利用该漏洞检索用户令牌或执行任意命令。

Description

Scanning tool to test for SaltStack vulnerabilities CVE-2020-11651 & CVE-2020-11652.

File Snapshot


 [4.0K]  /data/pocs/3b42718477321908f49dc6c60088a05a6675f17c
├── [1.0K]  LICENSE
├── [4.8K]  README.txt
├── [4.0K]  reporting
│   ├── [ 15K]  default_css.py
│   └── [1.8K]  __init__.py
├── [  47]  requirements.txt
└── [ 19K]  salt_rce_scanner.py

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!