CVE-2021-21996

Опубликовано: 02 сент. 2021

Источник: redhat

CVSS3: 7.5

Описание

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

An Exposure of Resource to Wrong Sphere flaw was found in Salt. This flaw allows a user who has control of the source and source_hash URLs to gain full file system access as root on a Salt minion.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 2	salt	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-668

https://bugzilla.redhat.com/show_bug.cgi?id=2041838salt: user having control of source and source_hash URLs leads to root access

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-21996

CVSS3: 7.5

ubuntu

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-21996

CVSS3: 7.5

nvd

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-21996

CVSS3: 7.5

debian

больше 4 лет назад

An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...

openSUSE-SU-2021:3557-1

suse-cvrf

больше 4 лет назад

Security update for salt

openSUSE-SU-2021:1443-1

suse-cvrf

больше 4 лет назад

Security update for salt

7.5 High

CVSS3