Unauthenticated SSL/TLS Certificate Validation in SaltStack Salt before 3002.5
CVE-2020-28972 · MEDIUM Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
Learn more about our Cis Benchmark Audit For Server Software.