CVE-2021-25283

Опубликовано: 25 фев. 2021

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

A flaw was found in Salt. The jinja renderer does not protect against server-side template injection attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 2	salt	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-94

https://bugzilla.redhat.com/show_bug.cgi?id=1933331salt: Jinja renderer does not protect against server-side template injection attacks

EPSS

Процентиль: 91%

0.06824

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2021-25283

CVSS3: 9.8

ubuntu

почти 5 лет назад

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

CVE-2021-25283

CVSS3: 9.8

nvd

почти 5 лет назад

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

CVE-2021-25283

CVSS3: 9.8

debian

почти 5 лет назад

An issue was discovered in through SaltStack Salt before 3002.5. The j ...

GHSA-xgmh-gfxw-2hvv

CVSS3: 9.8

github

больше 3 лет назад

SaltStack Salt Server Side Template Injection

BDU:2021-06348

CVSS3: 9.8

fstec

почти 5 лет назад

Уязвимость компонента wheel.pillar_roots.write системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками при проверке вводимых данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 91%

0.06824

Низкий

8.1 High

CVSS3