#VU58294 Exposure of Resource to Wrong Sphere in Salt


Published: 2021-11-23

Vulnerability identifier: #VU58294

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21996

CWE-ID: N/A

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Salt download URL. A local user with control over the file source URL and its source_hash URL can gain full file system access as root on a salt minion.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Salt: 3003 - 3003.2

External links
http://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Salt
SUSE update for Security Beta update for SUMA client tools
SUSE update for Security Beta update for Salt
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools
Debian update for salt
Multiple vulnerabilities in SaltStack Salt
SUSE update for SUSE Manager Server 4.1