CVE-2021-21996

Published: Sep 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Affected (7)

Products: Saltstack: Salt · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Saltstack Salt	Before 3000.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

References (16)

https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html

Source: security@vmware.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html

Source: security@vmware.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/

Source: security@vmware.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/

Source: security@vmware.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/

Source: security@vmware.com

Mailing ListThird Party Advisory

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Source: security@vmware.com

PatchVendor Advisory

https://security.gentoo.org/glsa/202310-22

Source: security@vmware.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-5011

Source: security@vmware.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/202310-22

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-5011

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.