https://x7peeps.com/tags/salt-api/index.htmlHugozh-CNSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/SaltStack_salt-master_salt-api_%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE_CVE_RCE_%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/SaltStack_salt-master_salt-api_%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE_CVE_RCE_%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html深入分析 SaltStack salt-master/salt-api 未授权访问、CVE-2020-11651 清单注入 RCE、CVE-2020-16846 Shell 注入、CVE-2024-38822 Token 绕过、CVE-2025-22236 事件总线绕过、Pillar 数据污染、Salt SSH 隧道利用、SideCar 污染等完整攻击面，覆盖 2013-2025 年全部 38 个高危 CVE 漏洞链及蓝队检测与应急响应