PYSEC-2021-54 — Vulnetix

PYSEC-2021-54 PUBLISHED

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

Affected Products

Vendor	Product	Versions
PyPI	salt	0.10.1, 0.9.2, 0

Timeline

Feb 27, 2021 CVE Published
Apr 22, 2024 CVE Updated
May 1, 2026 Security Advisory

References

https://github.com/saltstack/salt/releases url
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ url
https://security.gentoo.org/glsa/202103-01 advisory

Open in Interactive Console →