An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Dec 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202310-22 - Third Party Advisory |
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Oct 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-02-27 05:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-25281
Mitre link : CVE-2021-25281
CVE.ORG link : CVE-2021-25281
JSON object : View
Products Affected
debian
- debian_linux
saltstack
- salt
fedoraproject
- fedora
CWE
CWE-287
Improper Authentication