CVE-2021-22004
Summary
| CVE | CVE-2021-22004 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-09-08 15:15:00 UTC |
|---|
| Updated | 2023-11-07 03:30:00 UTC |
|---|
| Description | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 34 Update: salt-3003.3-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: salt-3003.3-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: salt-3003.3-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Salt Security Advisory 2021-SEP-02 - Salt Project |
MISC |
saltproject.io |
|
| [SECURITY] Fedora 33 Update: salt-3003.3-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: salt-3003.3-1.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: salt-3003.3-1.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 281892 Fedora Security Update for salt (FEDORA-2021-00ada7e667)
- 281893 Fedora Security Update for salt (FEDORA-2021-93a7c8b7c6)
- 376109 SaltStack Salt Minion Multiple Vulnerabilities
- 501924 Alpine Linux Security Update for salt
