Vulnerability in N/a
CVE-2021-25282
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
EPSS: 0.913 (99.7th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- github.com/saltstack/salt/releases
- saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
- FEDORA-2021-904a2dbc0c (vendor-advisory)
- FEDORA-2021-5756fbf8a6 (vendor-advisory)
- FEDORA-2021-43eb5584ad (vendor-advisory)
- GLSA-202103-01 (vendor-advisory)
- packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-…
- [debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update (mailing-list)
- DSA-5011 (vendor-advisory)
- [debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update (mailing-list)
Frequently asked questions
- What is CVE-2021-25282?
- CVE-2021-25282 is a vulnerability in N/a. Published 2021-02-27.
- Is CVE-2021-25282 known to be exploited?
- 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.