CVE-2021-21996 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-21996 PUBLISHED

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

EPSS 2.74% · 85.9th percentile

Risk Scores

EPSS Score

2.74%

85.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	salt	0, 2016.11.5+ds-1, 2016.11.8+dfsg1-1
Ubuntu:22.04:LTS	salt	3004+dfsg1-6ubuntu1, 3004+dfsg1-4, 3002.7+dfsg1-1
Ubuntu:Pro:16.04:LTS	salt	2015.8.8+ds-1, 0, 2015.5.3+ds-1
Ubuntu:Pro:14.04:LTS	salt	0, 0.17.5+ds-1ubuntu0.1~esm4, 0.17.5+ds-1ubuntu0.1~esm2

Timeline

Sep 8, 2021 CVE Published
Sep 9, 2021 EPSS Score
Jan 1, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Feb 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 22, 2022 EPSS Score
Aug 19, 2022 EPSS Score
Dec 11, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Apr 4, 2023 EPSS Score
Jul 27, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-21996 third-party-advisory
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-21996 third-party-advisory

Open in Interactive Console →