{
  "threat_severity" : "Important",
  "public_date" : "2021-02-25T00:00:00Z",
  "bugzilla" : {
    "description" : "salt: Certain modules do not always validated SSL certificates",
    "id" : "1933342",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1933342"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-295",
  "details" : [ "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.", "A flaw was found in Salt where several places did not verify the SSL cert by default. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.",
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Will not fix",
    "package_name" : "salt",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-35662\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35662" ],
  "name" : "CVE-2020-35662",
  "csaw" : false
}