Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 812440 (CVE-2021-21996, CVE-2021-31607) - <app-admin/salt-3003.3: multiple vulnerabilities (CVE-2021-{21996,31607})
Summary: <app-admin/salt-3003.3: multiple vulnerabilities (CVE-2021-{21996,31607})
Status: CONFIRMED
Alias: CVE-2021-21996, CVE-2021-31607
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://saltproject.io/security_annou...
Whiteboard: B1 [glsa?]
Keywords:
Depends on: 817926
Blocks:
  Show dependency tree
 
Reported: 2021-09-10 11:48 UTC by John Helmert III
Modified: 2022-08-14 16:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 11:48:49 UTC 
CVE-2021-21996:

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-31607:

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 11:49:20 UTC 
Please stabilize 3003.3.