CVE-2021-25282 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-25282 PUBLISHED

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

EPSS 90.95% · 99.6th percentile

Risk Scores

EPSS Score

90.95%

99.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	salt	2015.8.3+ds-3, 2015.8.8+ds-1, 2015.8.7+ds-1
Ubuntu:Pro:18.04:LTS	salt	2017.7.4+dfsg1-1ubuntu18.04.2, 2017.7.4+dfsg1-1ubuntu18.04.1, 2017.7.4+dfsg1-1
Ubuntu:22.04:LTS	salt	3004.1+dfsg-2, 0, 3002.6+dfsg1-4
Ubuntu:Pro:14.04:LTS	salt	0.17.2-2, 0.17.2-1, 0.17.1+dfsg-1

Timeline

Feb 26, 2021 CVE Published
Mar 31, 2021 PoC Published
Apr 2, 2021 PoC Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Sep 16, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Nov 20, 2021 EPSS Score
Jan 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-25282 third-party-advisory
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ third-party-advisory
https://github.com/saltstack/salt/releases third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-25282 third-party-advisory
https://ubuntu.com/security/notices/USN-6948-1 vendor-advisory

Open in Interactive Console →