Updated on 2022-12-02 GMT+08:00

SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)

Security researchers discovered two serious vulnerabilities in SaltStack's products. SaltStack provides a set of product offerings, written in Python, for automated client/server (C/S) operations and maintenance (O&M). One of the two discovered vulnerabilities is an authentication bypass (CVE-2020-11651), and the other is a directory traversal (CVE-2020-11652). Attackers can exploit them to remotely execute commands, read arbitrary files on the server, and obtain sensitive information.

If you are a SaltStack user, check your system and implement timely security hardening.

Vulnerability ID

  • CVE-2020-11651
  • CVE-2020-11652

Vulnerability Name

SaltStack remote command execution vulnerability

Scope of Impact

Affected versions:

  • Versions earlier than SaltStack 2019.2.4
  • Versions earlier than SaltStack 3000.2

Unaffected versions:

  • SaltStack 2019.2.4
  • SaltStack 3000.2

Official Solution

  • These vulnerabilities have been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.

    Download address:

  • The default listening ports of Salt Master are 4505 and 4506. Configure security group rules that block these two ports from the public network, or that allow only trusted hosts to connect to them.
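
The two checks above (version in the affected range, master ports reachable beyond loopback) can be scripted on a Salt Master host. The following is an added example, not part of this page or of SaltStack itself; it treats every release at or after 2019.2.4 on the date-based branch and at or after 3000.2 on the numeric branch as fixed, and runs on constructed sample input in place of real `salt-master --version` and `ss -lnt` output.

```python
"""Check a Salt Master host for CVE-2020-11651 / CVE-2020-11652 exposure."""
import re

# First fixed release on each branch (from the advisory): 2019.2.4 and 3000.2.
FIXED_DATE_BRANCH = (2019, 2, 4)
FIXED_NUMERIC_BRANCH = (3000, 2, 0)
MASTER_PORTS = {4505, 4506}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of `ss -lnt` output (not captured from a real host).
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      1000   0.0.0.0:4505        0.0.0.0:*
LISTEN 0      1000   0.0.0.0:4506        0.0.0.0:*
LISTEN 0      128    127.0.0.1:22        0.0.0.0:*
"""


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch) from 'salt-master 3000.1', 'Salt: 2019.2.3', etc."""
    pat = r"(\d+)(?:\.(\d+))?(?:\.(\d+))?"
    m = re.search(r"Salt:\s*" + pat, text) or re.search(pat, text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if the version predates the first fixed release on its branch."""
    v = parse_version(version)
    if v[0] >= 3000:                      # numeric branch: 3000.x and later
        return v < FIXED_NUMERIC_BRANCH
    return v < FIXED_DATE_BRANCH          # date-based branch: 2019.2.x and older


def exposed_master_ports(ss_output: str) -> list:
    """Return (address, port) pairs where 4505/4506 listen on a non-loopback address."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue                      # skip header and non-listening sockets
        addr, _, port = cols[3].rpartition(":")
        if port.isdigit() and int(port) in MASTER_PORTS and addr not in LOOPBACK:
            exposed.append((addr, int(port)))
    return exposed


if __name__ == "__main__":
    print("vulnerable version:", is_vulnerable("salt-master 3000.1"))
    print("exposed master ports:", exposed_master_ports(SAMPLE_SS))
```

On a real host, feed the functions the actual output of `salt-master --version` and `ss -lnt`; a non-empty result from `exposed_master_ports` means the security group rule above is the second thing to fix after upgrading.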


Perform the following steps to scan and fix a vulnerability.