1945077 – (CVE-2021-25315) CVE-2021-25315 salt: salt-api unauthenticated remote code exec

Bug 1945077 (CVE-2021-25315) - CVE-2021-25315 salt: salt-api unauthenticated remote code exec

Summary: CVE-2021-25315 salt: salt-api unauthenticated remote code exec

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2021-25315
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1945080
Blocks:	1945079
TreeView+	depends on / blocked

Reported:	2021-03-31 10:21 UTC by Dhananjay Arunesh
Modified:	2021-04-06 18:41 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Salt. This issue is caused by an incorrect implementation of the authentication algorithm, where openSUSE Tumbleweed allows local attackers to execute arbitrary code via Salt without the need to specify valid credentials in Salt versions before 3002.2-3. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:	2021-04-01 23:35:20 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2021-03-31 10:21:51 UTC

A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Reference:
https://bugzilla.suse.com/show_bug.cgi?id=1182382

Comment 1 Dhananjay Arunesh 2021-03-31 10:22:56 UTC

Created salt tracking bugs for this issue:

Affects: fedora-all [bug 1945080]

Comment 2 Sage McTaggart 2021-04-01 19:12:06 UTC

Modifying score to match NIST, as the attacker must be a user of the SUSE Linux Enterprise Sever 15 SP 3

Comment 3 Sage McTaggart 2021-04-01 19:19:00 UTC

External References:

https://bugzilla.suse.com/show_bug.cgi?id=1182382

Comment 4 David Murphy 2021-04-01 22:08:52 UTC

that bug has 
Status:	RESOLVED FIXED

Comment 5 Product Security DevOps Team 2021-04-01 23:35:20 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-25315

Note You need to log in before you can comment on or make changes to this bug.