← Back

CVE-2021-25315

nvd nist
Published: Mar 3, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Affected (1)

Products: Saltstack: Salt
Saltstack
1 product
Salt
Configuration A
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Salt
Before 3002.2
Running on/withPlatform Versions
Opensuse
Tumbleweed
All versions
Suse
Suse Linux Enterprise Server
Version 15 sp3

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

Source: meissner@suse.de
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.