Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
SaltStack reports multiple security vulnerabilities in Salt 3002:
CVE-2020-16846: Prevent shell injections in netapi ssh client.
CVE-2020-17490: Prevent creating world readable private keys with the tls execution module.
CVE-2020-25592: Properly validate eauth credentials and tokens along with their ACLs.
Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api.
Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls
to Salt ssh.