{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SaltStack 3001.x without the latest security package","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 3000.x without the latest security package","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2019.x without the latest security package","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2016.11.3, 2016.11.6, 2016.11.10 without the latest patch","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2015.8.10, 2015.8.13 without the latest patch","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2018.3.5 without the latest patch","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2017.7.4, 2017.7.8 without the latest patch","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 2016.3.4, 2016.3.6, 2016.3.8 without the latest patch","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SaltStack 3002.x without the latest security package","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2020-25592","url":"https://www.cve.org/CVERecord?id=CVE-2020-25592"},{"name":"CVE-2020-17490","url":"https://www.cve.org/CVERecord?id=CVE-2020-17490"},{"name":"CVE-2020-16846","url":"https://www.cve.org/CVERecord?id=CVE-2020-16846"}],"links":[],"reference":"CERTFR-2020-AVI-712","revisions":[{"description":"Initial version","revision_date":"2020-11-04T00:00:00.000000"},{"description":"Correction of a typo in the source.","revision_date":"2020-11-23T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"},{"description":"Security policy bypass"}],"summary":"Multiple vulnerabilities have been discovered in SaltStack. They\nallow an attacker to cause remote arbitrary code execution\nand a security policy bypass.\n","title":"Multiple vulnerabilities in SaltStack","vendor_advisories":[{"published_at":null,"title":"SaltStack security bulletin of 03 November 2020","url":"https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"}]}
