Bug 1945077 (CVE-2021-25315) - CVE-2021-25315 salt: salt-api unauthenticated remote code exec
Summary: CVE-2021-25315 salt: salt-api unauthenticated remote code exec
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2021-25315
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1945080
Blocks: 1945079
TreeView+ depends on / blocked
 
Reported: 2021-03-31 10:21 UTC by Dhananjay Arunesh
Modified: 2021-04-06 18:41 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Salt. This issue is caused by an incorrect implementation of the authentication algorithm, where openSUSE Tumbleweed allows local attackers to execute arbitrary code via Salt without the need to specify valid credentials in Salt versions before 3002.2-3. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-04-01 23:35:20 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2021-03-31 10:21:51 UTC
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Reference:
https://bugzilla.suse.com/show_bug.cgi?id=1182382

Comment 1 Dhananjay Arunesh 2021-03-31 10:22:56 UTC
Created salt tracking bugs for this issue:

Affects: fedora-all [bug 1945080]

Comment 2 Sage McTaggart 2021-04-01 19:12:06 UTC
Modifying score to match NIST, as the attacker must be a user of the SUSE Linux Enterprise Sever 15 SP 3

Comment 3 Sage McTaggart 2021-04-01 19:19:00 UTC
External References:

https://bugzilla.suse.com/show_bug.cgi?id=1182382

Comment 4 David Murphy 2021-04-01 22:08:52 UTC
that bug has 
Status:	RESOLVED FIXED

Comment 5 Product Security DevOps Team 2021-04-01 23:35:20 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-25315


Note You need to log in before you can comment on or make changes to this bug.