Описание
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| salt | fixed | 3002.5+dfsg1-1 | package | |
| salt | fixed | 2018.3.4+dfsg1-6+deb10u3 | buster | package |
Примечания
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3)
Regression: https://github.com/saltstack/salt/pull/59664
Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
Regression: https://github.com/saltstack/salt/issues/59793
Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
Связанные уязвимости
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
