CVE-2021-21996

Опубликовано: 08 сент. 2021

Источник: debian

EPSS Низкий

Описание

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
salt	fixed	3002.7+dfsg1-1		package

Примечания

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
Fixed by https://github.com/saltstack/salt/commit/0b75ba190fda9c04cc026ad1aa4a6d572f40349b
https://github.com/openSUSE/salt/commit/57ed9c41a177f57e3d56465662750617ac36cc95

EPSS

Процентиль: 86%

0.02739

Низкий

Связанные уязвимости

CVE-2021-21996

CVSS3: 7.5

ubuntu

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-21996

CVSS3: 7.5

redhat

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-21996

CVSS3: 7.5

nvd

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

openSUSE-SU-2021:3557-1

suse-cvrf

больше 4 лет назад

Security update for salt

openSUSE-SU-2021:1443-1

suse-cvrf

больше 4 лет назад

Security update for salt

EPSS

Процентиль: 86%

0.02739

Низкий