| Name | saltstack_minion_rce |
| CVE | CVE-2020-11651 |
| Exploit Pack | CANVAS |
| Description | saltstack_minion_rce |
| Notes | CVE Name: CVE-2020-11651 References: https://www.immersivelabs.com/resources/blog/hackers-are-currently-attacking-vulnerable-saltstack-systems/ CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11651 Date public: 08/04/2020 NOTES: This module first bypasses the authentication on Salt-master by abusing the _prep_auth_info() function. The module then executes python code as root on the master. Repeatability: Infinite CVSS: 9.8 |
| Learn more about the CANVAS Exploit Pack here: CANVAS |