A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. Reference: https://bugzilla.suse.com/show_bug.cgi?id=1182382
Created salt tracking bugs for this issue: Affects: fedora-all [bug 1945080]
Modifying score to match NIST, as the attacker must be a user of the SUSE Linux Enterprise Sever 15 SP 3
External References: https://bugzilla.suse.com/show_bug.cgi?id=1182382
that bug has Status: RESOLVED FIXED
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-25315