CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21996
https://notcve.org/view.php?id=CVE-2021-21996
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. Se detectó un problema en SaltStack Salt versiones anteriores a 3003.3. Un usuario que presenta el control de las URLs source, y source_hash puede conseguir acceso completo al sistema de archivos como root en un minion de Salt • https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ https://saltproject.io/security_ •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31607
https://notcve.org/view.php?id=CVE-2021-31607
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). En SaltStack Salt versiones 2016.9 hasta 3002.6, se presenta una vulnerabilidad de inyección de comando en el módulo snapper que permite una escalada local de privilegios en un minion. El ataque requiere que sea creado un archivo con un nombre de ruta respaldado por snapper, y que el maestro llame a la función snapper.diff (que ejecuta popen de manera no segura) • https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25315 – salt-api unauthenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. Una vulnerabilidad de Implementación Incorrecta del Algoritmo de Autenticación en SUSE SUSE Linux Enterprise Server versión 15 SP 3; openSUSE Tumbleweed, permite a atacantes locales ejecutar código arbitrario por medio de una sal sin la necesidad de especificar credenciales válidas. Este problema afecta a: salt de SUSE SUSE Linux Enterprise Server versión 15 SP 3 versiones anteriores a 3002.2-3. • https://bugzilla.suse.com/show_bug.cgi?id=1182382 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 84%CPEs: 21EXPL: 0CVE-2021-3197
https://notcve.org/view.php?id=CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. Se detectó un problema en SaltStack Salt versiones anteriores a 3002.5. El cliente ssh de salt-api es vulnerable a una inyección de shell al incluir ProxyCommand en un argumento, o por medio de ssh_options proporcionadas en una petición de API • https://github.com/saltstack/salt/releases https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT7 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.1EPSS: 5%CPEs: 21EXPL: 0CVE-2021-3144
https://notcve.org/view.php?id=CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) En SaltStack Salt versiones anteriores a 3002.5, los tokens de eauth pueden ser usados una vez después de su vencimiento. (Pueden ser usados para ejecutar un comando contra el maestro de sal o los minions) • https://github.com/saltstack/salt/releases https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5 https://saltproject.io/security_announcements/active-saltstack-c • CWE-613: Insufficient Session Expiration •