Описание
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
A flaw was found in Salt. The Salt-API does not have eAuth credentials for the wheel_async client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | salt | Will not fix |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
An issue was discovered in through SaltStack Salt before 3002.5. salt- ...
SaltStack Salt Improper Authentication vulnerability
Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с неправильным ограничением доступа, позволяющая нарушителю получить несанкционированный доступ к другим ограниченным функциям
8.1 High
CVSS3