CVE-2020-35662

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

The product does not validate, or incorrectly validates, a certificate.

Name	Vendor	Start Version	End Version
Salt	Saltstack	*	2015.8.10 (excluding)
Salt	Saltstack	2015.8.11 (including)	2015.8.13 (excluding)
Salt	Saltstack	2016.3.0 (including)	2016.3.4 (excluding)
Salt	Saltstack	2016.3.5 (including)	2016.3.6 (excluding)
Salt	Saltstack	2016.3.7 (including)	2016.3.8 (excluding)
Salt	Saltstack	2016.3.9 (including)	2016.11.3 (excluding)
Salt	Saltstack	2016.11.4 (including)	2016.11.5 (excluding)
Salt	Saltstack	2016.11.7 (including)	2016.11.10 (excluding)
Salt	Saltstack	2017.5.0 (including)	2017.7.8 (excluding)
Salt	Saltstack	2018.2.0 (including)	2018.3.5 (including)
Salt	Saltstack	2019.2.0 (including)	2019.2.5 (excluding)
Salt	Saltstack	2019.2.6 (including)	2019.2.8 (excluding)
Salt	Saltstack	3000 (including)	3000.6 (excluding)
Salt	Saltstack	3001 (including)	3001.4 (excluding)
Salt	Saltstack	3002 (including)	3002.5 (excluding)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-35662
CWE	https://cwe.mitre.org/data/definitions/295.html

Improper Certificate Validation