Showing 1 - 4 of 4

CVE-2021-25284

Status Candidate

Overview

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Ubuntu Security Notice USN-6948-1: Posted Aug 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6948-1 - It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. It was discovered that Salt incorrectly created certificates with weak file permissions. It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication.; tags | advisory, remote, web, arbitrary; systems | linux, ubuntu; advisories | CVE-2020-16846, CVE-2020-17490, CVE-2020-25592, CVE-2020-28243, CVE-2020-28972, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3148, CVE-2021-3197; SHA-256 | 57efb96d5f60e2ff00f2eedcf8822df624f594139bdfc6d7e8b2d03186299d0b; Download | Favorite | View

Gentoo Linux Security Advisory 202310-22: Posted Oct 31, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions greater than or equal to 3004.2 are affected.; tags | advisory, local, vulnerability; systems | linux, gentoo; advisories | CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-21996, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3144, CVE-2021-3148, CVE-2021-31607, CVE-2021-3197, CVE-2022-22934, CVE-2022-22935; SHA-256 | 8d15c49b62885ce5a92b80cc9b7455a545b31835278e8e5f87d3866b3dd6e790; Download | Favorite | View

Debian Security Advisory 5011-1: Posted Nov 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5011-1 - Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates.; tags | advisory, remote, shell, local, vulnerability; systems | linux, debian; advisories | CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-21996, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3144, CVE-2021-3148, CVE-2021-31607, CVE-2021-3197; SHA-256 | 7bb7fffca8de5352e1fd6dffa90e1381b4c3e9b7b95fb7359363d2650c0511f0; Download | Favorite | View

Gentoo Linux Security Advisory 202103-01: Posted Mar 31, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202103-1 - Multiple vulnerabilities have been found in Salt, the worst of which could allow remote attacker to execute arbitrary commands. Versions less than 3000.8 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3144, CVE-2021-3148, CVE-2021-3197; SHA-256 | 1fb0dacbd9c9195812a7ba36af666c1b8eadeff44eb24cd158f8df8aba52a654; Download | Favorite | View

Page 1 of 1 Back 1 Next