CVE-2021-21996: An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. CVE-2021-31607: In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Please stabilize 3003.3.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a4ba9f2fb65b65e29f00afe38eed9d10ac01301d commit a4ba9f2fb65b65e29f00afe38eed9d10ac01301d Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-31 11:57:07 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-31 11:57:38 +0000 [ GLSA 202310-22 ] Salt: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/767919 Bug: https://bugs.gentoo.org/812440 Bug: https://bugs.gentoo.org/836365 Bug: https://bugs.gentoo.org/855962 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-22.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+)
