{"id":15167109,"url":"https://github.com/rossengeorgiev/salt-security-backports","last_synced_at":"2025-09-30T23:30:54.582Z","repository":{"id":149740703,"uuid":"260556433","full_name":"rossengeorgiev/salt-security-backports","owner":"rossengeorgiev","description":"Salt security backports for CVE-2020-11651 \u0026 CVE-2020-11652","archived":true,"fork":false,"pushed_at":"2020-05-18T17:36:18.000Z","size":30,"stargazers_count":108,"open_issues_count":2,"forks_count":17,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-09-22T20:01:40.900Z","etag":null,"topics":["cve-2020-11651","cve-2020-11652","salt","saltstack"],"latest_commit_sha":null,"homepage":"https://docs.saltstack.com/en/latest/topics/releases/3000.2.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rossengeorgiev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-01T20:53:49.000Z","updated_at":"2024-08-12T20:00:58.000Z","dependencies_parsed_at":"2023-05-12T00:15:49.203Z","dependency_job_id":null,"html_url":"https://github.com/rossengeorgiev/salt-security-backports","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rossengeorgiev%2Fsalt-security-backports","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rossengeorgiev%2Fsalt-security-backports/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rossengeorgiev%2Fsalt-security-backports/releases","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rossengeorgiev%2Fsalt-security-backports/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rossengeorgiev","download_url":"https://codeload.github.com/rossengeorgiev/salt-security-backports/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219874984,"owners_count":16554634,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2020-11651","cve-2020-11652","salt","saltstack"],"created_at":"2024-09-27T05:24:44.318Z","updated_at":"2025-09-30T23:30:49.316Z","avatar_url":"https://github.com/rossengeorgiev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Official patches for previous versions can be requested at: https://www.saltstack.com/lp/request-patch-april-2020/\n\n⚠ Patches here are custom, and may differ from official ones ⚠\n\n# Backported security patches for unsupported salt versions\n\n[![Build Status](https://travis-ci.org/rossengeorgiev/salt-security-backports.svg?branch=master)](https://travis-ci.org/rossengeorgiev/salt-security-backports)\n\nPatches in this repo address the following CVEs:\n\n* CVE-2020-11651 \u0026 CVE-2020-11652 - https://labs.f-secure.com/advisories/saltstack-authorization-bypass\n\nThey additionally include the following bugfixes:\n\n* fix typo `_minion_runner` -\u003e `minion_runner`. See: https://docs.saltstack.com/en/latest/topics/releases/3000.2.html#known-issue\n* fix typo `_find_file_and_stat` -\u003e `_find_hash_and_stat`. See https://github.com/rossengeorgiev/salt-security-backports/issues/1\n
* removal of `run_func` from whitelist\n* missing `import salt.utils.verify`\n\nThe fixes above are included in the latest releases of SaltStack, specifically `v2019.2.5` and `v3000.3`.\n\n# Check if your salt-master is vulnerable\n\nThe check script needs to be run locally on your salt-master as `root`:\n\n```bash\npython salt-cve-check.py\n```\n\nExample output for Salt 2017.7.8:\n\n```bash\n[+] Salt version: 2017.7.8\n[ ] This version of salt is vulnerable! Check results below\n[+] Checking salt-master (127.0.0.1:4506) status... ONLINE\n[+] Checking if vulnerable to CVE-2020-11651... YES\n[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES\n[+] Checking if vulnerable to CVE-2020-11652 (read)... YES\n[+] Checking if vulnerable to CVE-2020-11652 (write1)... YES\n[+] Checking if vulnerable to CVE-2020-11652 (write2)... YES\n```\n\n# Applying the patches\n\n```bash\n# locate the salt package directory (use python3 if necessary)\n\npython -c \"import imp; print(imp.find_module('salt')[1])\"\n\n# in my case: /usr/lib/python2.7/dist-packages/salt\n# apply the patches\n# (adding the -b flag will back up each file before modification at the same path with a .orig suffix)\n# (a patch can be reversed by running the same command with the -R flag)\n\npatch -p2 -d /usr/lib/python2.7/dist-packages/salt \u003c 2017.7.8_CVE-2020-11651.patch\npatch -p2 -d /usr/lib/python2.7/dist-packages/salt \u003c 2017.7.8_CVE-2020-11652.patch\n\n# restart salt-master\n\nsystemctl restart salt-master\n# or\nservice salt-master restart\n```\n\nRerun the check script:\n\n```bash\nuser@salt # python salt-cve-check.py\n[+] Salt version: 2017.7.8\n[ ] This version of salt is vulnerable! Check results below\n[+] Checking salt-master (127.0.0.1:4506) status... ONLINE\n[+] Checking if vulnerable to CVE-2020-11651... NO\n[+] Checking if vulnerable to CVE-2020-11652 (read_token)... NO\n
[+] Checking if vulnerable to CVE-2020-11652 (read)... NO\n[+] Checking if vulnerable to CVE-2020-11652 (write1)... NO\n[+] Checking if vulnerable to CVE-2020-11652 (write2)... NO\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frossengeorgiev%2Fsalt-security-backports","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frossengeorgiev%2Fsalt-security-backports","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frossengeorgiev%2Fsalt-security-backports/lists"}