CVE-2020-28972

Published: Feb 27, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

FEDORA-2021-904a2dbc0c

vendor-advisory

FEDORA-2021-5756fbf8a6

vendor-advisory

FEDORA-2021-43eb5584ad

vendor-advisory

GLSA-202103-01

vendor-advisory

[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update

mailing-list

DSA-5011

vendor-advisory

GLSA-202310-22

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28972

Description

Affected Products

References