Bug 1945077 (CVE-2021-25315)

Summary: CVE-2021-25315 salt: salt-api unauthenticated remote code exec
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: amctagga, anharris, bniver, brycel, david-dm.murphy, flucifre, frederic.pierret, gmeno, hvyas, kp, mbenjamin, mhackett, sostapov, vereddy
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Salt. This issue is caused by an incorrect implementation of the authentication algorithm, where openSUSE Tumbleweed allows local attackers to execute arbitrary code via Salt without the need to specify valid credentials in Salt versions before 3002.2-3. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-01 23:35:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1945080    
Bug Blocks: 1945079    

Description Dhananjay Arunesh 2021-03-31 10:21:51 UTC 
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Reference:
https://bugzilla.suse.com/show_bug.cgi?id=1182382
Comment 1 Dhananjay Arunesh 2021-03-31 10:22:56 UTC 
Created salt tracking bugs for this issue:

Affects: fedora-all [bug 1945080]
Comment 2 Sage McTaggart 2021-04-01 19:12:06 UTC 
Modifying score to match NIST, as the attacker must be a user of the SUSE Linux Enterprise Sever 15 SP 3
Comment 3 Sage McTaggart 2021-04-01 19:19:00 UTC 
External References:

https://bugzilla.suse.com/show_bug.cgi?id=1182382
Comment 4 David Murphy 2021-04-01 22:08:52 UTC 
that bug has 
Status:	RESOLVED FIXED
Comment 5 Product Security DevOps Team 2021-04-01 23:35:20 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-25315