CVE-2020-16846

Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

NVD
Severity: CRITICAL
CVE ID: CVE-2020-16846
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-16846

Refrence: Project Discovery GitHub

zomy22

Refrence: GitHub

hamza-boudouche

CVE-2020-16846

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept