Описание
SaltStack Salt eauth tokens can be used once after expiration
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-3144
- https://www.debian.org/security/2021/dsa-5011
- https://security.gentoo.org/glsa/202310-22
- https://security.gentoo.org/glsa/202103-01
- https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB
- https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
- https://github.com/saltstack/salt/releases
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L26
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L26
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L26
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2373
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-54.yaml
Пакеты
salt
< 2015.8.13
2015.8.13
salt
>= 2016.3.0, < 2016.11.5
2016.11.5
salt
>= 2016.11.7, < 2016.11.10
2016.11.10
salt
>= 2017.5.0, < 2017.7.8
2017.7.8
salt
>= 2018.2.0, <= 2018.3.5
Отсутствует
salt
>= 3000, < 3000.7
3000.7
salt
>= 3001, < 3001.5
3001.5
salt
>= 3002, < 3002.3
3002.3
salt
>= 2019.2.0, < 2019.2.8
2019.2.8
Связанные уязвимости
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...
Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками при обработке запросов аутентификации для истекших токенов eauth, позволяющая нарушителю выполнить произвольные команды