Unauthenticated SSL/TLS Certificate Validation in SaltStack Salt before 3002.5

Unauthenticated SSL/TLS Certificate Validation in SaltStack Salt before 3002.5

CVE-2020-28972 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Learn more about our Cis Benchmark Audit For Server Software.