Description
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| salt | fixed | 3002.5+dfsg1-1 | | package |
| salt | fixed | 2018.3.4+dfsg1-6+deb10u3 | buster | package |
Notes
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
https://github.com/saltstack/salt/commit/3fbf9a35bc4f7a43f628631f89ebb31f907859e3 (v3002.5)
Related vulnerabilities
A vulnerability in the wheel.pillar_roots.write component of the SaltStack Salt configuration management and remote execution system, caused by errors in input validation, allows an attacker to execute arbitrary code.