CVE-2021-21996

Published: Sep 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Vendor	Product	Versions
n/a	Saltstack Salt	affected `Saltstack Salt (before 3003.3)`

References

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

FEDORA-2021-00ada7e667

vendor-advisory

FEDORA-2021-93a7c8b7c6

vendor-advisory

FEDORA-2021-158e9c6eb9

vendor-advisory

DSA-5011

vendor-advisory

[debian-lts-announce] 20211119 [SECURITY] [DLA 2823-1] salt security update

mailing-list

[debian-lts-announce] 20211121 [SECURITY] [DLA 2823-2] salt regression update

mailing-list

GLSA-202310-22

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-21996

Description

Affected Products

References