CVE-2021-25281 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-25281 PUBLISHED

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

EPSS 93.85% · 99.9th percentile

Risk Scores

EPSS Score

93.85%

99.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	salt	2015.8.3+ds-1, 2015.8.3+ds-2, 2015.8.3+ds-3
Ubuntu:Pro:14.04:LTS	salt	0.17.1+dfsg-1, 0.17.2-1, 0.17.2-2
Ubuntu:22.04:LTS	salt	3004+dfsg1-6ubuntu1, 3002.6+dfsg1-4, 3002.7+dfsg1-1
Ubuntu:Pro:18.04:LTS	salt	0, 2016.11.5+ds-1, 2016.11.8+dfsg1-1

Timeline

Feb 26, 2021 CVE Published
Mar 31, 2021 PoC Published
Apr 2, 2021 PoC Published
Apr 14, 2021 EPSS Score
Sep 14, 2021 EPSS Score
Sep 16, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Nov 20, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Nov 16, 2022 CrowdSec Sighting
Mar 7, 2023 EPSS Score
Mar 9, 2023 CrowdSec Sighting

References

https://ubuntu.com/security/CVE-2021-25281 third-party-advisory
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ third-party-advisory
https://github.com/saltstack/salt/releases third-party-advisory
https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-25281 third-party-advisory
https://ubuntu.com/security/notices/USN-6948-1 vendor-advisory

Open in Interactive Console →