QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22004

Published: Sep 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.

Vendor	Product	Versions
n/a	Saltstack Salt	affected `Saltstack Salt (before 3003.3)`

References

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

x_refsource_MISC

FEDORA-2021-00ada7e667

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-93a7c8b7c6

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-158e9c6eb9

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.