{
  "threat_severity" : "Important",
  "public_date" : "2020-11-03T00:00:00Z",
  "bugzilla" : {
    "description" : "salt: salt-netapi improperly validates eauth credentials and tokens",
    "id" : "1895454",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1895454"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-287",
  "details" : [ "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.", "A flaw was found in salt. Invalid eauth credentials and tokens are not handled correctly when calling Salt SSH via the salt-api which could allow an attacker to bypass authentication and gain access to restricted information or to possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "Red Hat Ceph Storage 2 shipped salt for the usage of Red Hat Storage Console 2 (RHSCON-2), which required salt to administrate ceph nodes. RHSCON-2 has reached End Of Life, hence salt is no longer used and supported. Therefore, the salt package provided by Red Hat Ceph Storage 2 has been marked as 'will not fix'.",
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Will not fix",
    "package_name" : "salt",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-25592\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25592\nhttps://docs.saltstack.com/en/latest/topics/releases/2019.2.7.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3000.5.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3001.3.html\nhttps://docs.saltstack.com/en/latest/topics/releases/3002.1.html\nhttps://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/" ],
  "name" : "CVE-2020-25592",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}