CVE-2021-25315

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25315

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25315.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25315

Aliases

GHSA-pmj6-9f8c-8g2m

Related

Published

2021-03-03T10:15:13Z

Modified

2024-05-09T11:41:22.680485Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

References

https://bugzilla.suse.com/show_bug.cgi?id=1182382

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

da6819735ce055f16e326472cb1768faece72ad6

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

old-branch-2016.*

old-branch-2016.3

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v2014.*

v2014.1

v2014.7

v2014.7.0

v2014.7.0rc1

v2014.7.0rc2

v2014.7.0rc3

v2014.7.0rc4

v2014.7.0rc5

v2014.7.0rc6

v2014.7.0rc7

v2014.7.1

v2014.7.2

v2014.7.3

v2014.7.4

v2014.7.5

v2014.7.6

v2014.7.7

v2014.7.8

v2014.7.9

v2015.*

v2015.2

v2015.2.0rc1

v2015.2.0rc2

v2015.5

v2015.5.0

v2015.5.1

v2015.5.11

v2015.5.2

v2015.5.3

v2015.5.4

v2015.5.5

v2015.5.6

v2015.5.7

v2015.5.8

v2015.5.9

v2015.8

v2015.8.0

v2015.8.0rc1

v2015.8.0rc2

v2015.8.0rc3

v2015.8.0rc4

v2015.8.0rc5

v2015.8.1

v2015.8.11

v2015.8.12

v2015.8.13

v2015.8.2

v2015.8.3

v2015.8.4

v2015.8.8

v2015.8.9

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.11.4

v2016.11.5

v2016.11.6

v2016.11.9

v2016.3

v2016.3.0

v2016.3.0rc0

v2016.3.0rc1

v2016.3.0rc2

v2016.3.0rc3

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.3.6

v2016.9

v2017.*

v2017.5

v2017.7

v2017.7.0

v2017.7.0rc1

v2017.7.1

v2017.7.2

v2017.7.3

v2017.7.4

v2017.7.5

v2017.7.6

v2017.7.7

v2017.7.8

v2018.*

v2018.11

v2018.2

v2018.3

v2018.3.0

v2018.3.0rc1

v2018.3.1

v2018.3.2

v2018.3.3

v2018.3.4

v2019.*

v2019.2

v2019.2.0

v2019.2.0rc1

v2019.2.0rc2

v2019.2.1

v2019.2.1rc1

Other

v3000

v3000_docs

v3001

v3001rc1

v3002

v3002rc1

v3000.*

v3000.0rc1

v3000.0rc2

v3000.1

v3001.*

v3001.1