In SaltStack Salt before 3002.5, an eauth token can still be used once after it has expired. (Such a token might be used to run commands against the Salt master or minions.)
{"osv": [{"lastseen": "2022-05-12T01:18:49", "description": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-27T05:15:00", "type": "osv", "title": "PYSEC-2021-54", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-03-31T14:15:00", "id": "OSV:PYSEC-2021-54", "href": "https://osv.dev/vulnerability/PYSEC-2021-54", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-16T04:53:23", "description": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. 
(They might be used to run command against the salt master or minions.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-27T05:15:00", "type": "prion", "title": "CVE-2021-3144", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-11-23T22:30:00", "id": "PRION:CVE-2021-3144", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-3144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-28T00:53:44", "description": "In SaltStack Salt before 3002.5, eauth tokens can be used once after\nexpiration. 
(They might be used to run command against the salt master or\nminions.)\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983632>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-27T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3144", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-02-27T00:00:00", "id": "UB:CVE-2021-3144", "href": "https://ubuntu.com/security/CVE-2021-3144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:53:03", "description": "salt uses an insecure session management. 
The eauth tokens are not invalidated upon expiration, allowing usage thereafter and these session tokens can be used to run commands against the salt master and minions.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-03-01T05:52:07", "type": "veracode", "title": "Insecure Session Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-11-24T00:12:03", "id": "VERACODE:29526", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29526/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-27T14:42:41", "description": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. 
(They might be used to run command against the salt master or minions.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-27T05:15:00", "type": "cve", "title": "CVE-2021-3144", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-11-23T22:30:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/a:saltstack:salt:2018.3.5", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-3144", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:saltstack:salt:2018.3.5:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": 
"2023-05-27T15:16:16", "description": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-27T05:15:00", "type": "debiancve", "title": "CVE-2021-3144", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2021-02-27T05:15:00", "id": "DEBIANCVE:CVE-2021-3144", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-09-05T20:39:43", "description": "A flaw was found in Salt where tokens can be used once after expiration. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-26T19:02:57", "type": "redhatcve", "title": "CVE-2021-3144", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3144"], "modified": "2023-08-31T16:07:21", "id": "RH:CVE-2021-3144", "href": "https://access.redhat.com/security/cve/cve-2021-3144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:24:31", "description": "An update of the salt3 package has been released.", "cvss3": {}, "published": "2021-02-27T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Salt3 PHSA-2021-3.0-0200", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-3144", "CVE-2021-3148"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt3", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0200_SALT3.NASL", "href": 
"https://www.tenable.com/plugins/nessus/146874", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0200. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146874);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"Photon OS 3.0: Salt3 PHSA-2021-3.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt3 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-api-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-cloud-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', 
reference:'salt3-master-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-minion-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-proxy-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-spm-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-ssh-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-syndic-2019.2.8-3.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:41", "description": "SaltStack reports multiple security vulnerabilities in Salt\n\n- CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n\n- CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.\n\n- CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.\n\n- CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.\n\n- CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion\n\n- CVE-2021-3148: command injection in salt.utils.thin.gen_thin()\n\n- CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.\n\n- CVE-2021-3144: eauth Token can be used once after expiration.\n\n- CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack\n\n- CVE-2020-28243: Local Privilege Escalation in the Minion.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": 
"nessus", "title": "FreeBSD : salt -- multiple vulnerabilities (a1e03a3d-7be0-11eb-b392-20cf30e32f6d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py36-salt", "p-cpe:/a:freebsd:freebsd:py36-salt-2019", "p-cpe:/a:freebsd:freebsd:py37-salt", "p-cpe:/a:freebsd:freebsd:py37-salt-2019", "p-cpe:/a:freebsd:freebsd:py38-salt", "p-cpe:/a:freebsd:freebsd:py38-salt-2019", "p-cpe:/a:freebsd:freebsd:py39-salt", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A1E03A3D7BE011EBB39220CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/146985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146985);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"FreeBSD : salt -- multiple vulnerabilities (a1e03a3d-7be0-11eb-b392-20cf30e32f6d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"SaltStack reports multiple security vulnerabilities in Salt\n\n- CVE-2021-3197: The 
Salt-API.s SSH client is vulnerable to a shell\ninjection by including ProxyCommand in an argument, or via ssh_options\nprovided in an API request.\n\n- CVE-2021-25281: The Salt-API does not have eAuth credentials for the\nwheel_async client.\n\n- CVE-2021-25282: The salt.wheel.pillar_roots.write method is\nvulnerable to directory traversal.\n\n- CVE-2021-25283: The jinja renderer does not protect against\nserver-side template injection attacks.\n\n- CVE-2021-25284: webutils write passwords in cleartext to\n/var/log/salt/minion\n\n- CVE-2021-3148: command injection in salt.utils.thin.gen_thin()\n\n- CVE-2020-35662: Several places where Salt was not verifying the SSL\ncert by default.\n\n- CVE-2021-3144: eauth Token can be used once after expiration.\n\n- CVE-2020-28972: Code base not validating SSL/TLS certificate of the\nserver, which might allow attackers to obtain sensitive information\nvia a man-in-the-middle attack\n\n- CVE-2020-28243: Local Privilege Escalation in the Minion.\");\n # https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad6e5b97\");\n # https://vuxml.freebsd.org/freebsd/a1e03a3d-7be0-11eb-b392-20cf30e32f6d.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ac11567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py36-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py36-salt-2019\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-salt-2019\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py38-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py38-salt-2019\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py39-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py36-salt-2019<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-salt-2019>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-salt-2019<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-salt-2019>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py38-salt-2019<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py38-salt-2019>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-salt<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-salt>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-salt<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-salt>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py38-salt<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py38-salt>=3000<3002.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py39-salt<2019.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py39-salt>=3000<3002.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:31", "description": "An update of the salt package has been released.", "cvss3": {}, "published": "2021-02-27T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Salt PHSA-2021-1.0-0364", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0364_SALT.NASL", "href": "https://www.tenable.com/plugins/nessus/146878", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0364. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146878);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"Photon OS 1.0: Salt PHSA-2021-1.0-0364\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-364.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-api-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-cloud-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-master-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-minion-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-proxy-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-spm-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-ssh-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-syndic-2019.2.4-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt');\n}\n", "cvss": {"score": 0.0, "vector": 
"NONE"}}, {"lastseen": "2023-05-18T15:24:56", "description": "This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow extra_filerefs as sanitized kwargs for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)\n\nvirt: search for grub.xen path\n\nXen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when efi=True\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : salt (SUSE-SU-2021:0631-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python2-salt", "p-cpe:/a:novell:suse_linux:python3-salt", "p-cpe:/a:novell:suse_linux:salt", "p-cpe:/a:novell:suse_linux:salt-api", "p-cpe:/a:novell:suse_linux:salt-cloud", "p-cpe:/a:novell:suse_linux:salt-doc", "p-cpe:/a:novell:suse_linux:salt-master", "p-cpe:/a:novell:suse_linux:salt-minion", "p-cpe:/a:novell:suse_linux:salt-proxy", "p-cpe:/a:novell:suse_linux:salt-ssh", "p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration", 
"p-cpe:/a:novell:suse_linux:salt-syndic", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0631-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146885", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0631-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146885);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : salt (SUSE-SU-2021:0631-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow extra_filerefs as sanitized kwargs for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972)\n(CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)\n(CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n(bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559)\n(bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564)\n(bsc#1181565)\n\nvirt: search for grub.xen path\n\nXen spicevmc, DNS SRV records backports: Fix virtual network generated\nDNS XML for SRV records Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when efi=True\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28243/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35662/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25281/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2021-25282/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3148/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3197/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210631-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1c875ed\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-631=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-631=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-631=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-631=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-631=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-631=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-631=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-631=1\n\nSUSE Enterprise Storage 6 
:\n\nzypper in -t patch SUSE-Storage-6-2021-631=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-master\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-api-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-cloud-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-doc-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-master-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-minion-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-proxy-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-ssh-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-standalone-formulas-configuration-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"salt-syndic-3000-24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"salt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:22", "description": "This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow `extra_filerefs` as sanitized `kwargs` for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)\n\nvirt: search for `grub.xen` path\n\nXen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when `efi=True`\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2021:0630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python2-salt", "p-cpe:/a:novell:suse_linux:python3-salt", "p-cpe:/a:novell:suse_linux:salt", "p-cpe:/a:novell:suse_linux:salt-api", "p-cpe:/a:novell:suse_linux:salt-cloud", "p-cpe:/a:novell:suse_linux:salt-doc", "p-cpe:/a:novell:suse_linux:salt-master", "p-cpe:/a:novell:suse_linux:salt-minion", "p-cpe:/a:novell:suse_linux:salt-proxy", "p-cpe:/a:novell:suse_linux:salt-ssh", "p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration", "p-cpe:/a:novell:suse_linux:salt-syndic", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146904);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2021:0630-1)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow `extra_filerefs` as sanitized `kwargs` for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972)\n(CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)\n(CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n(bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559)\n(bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564)\n(bsc#1181565)\n\nvirt: search for `grub.xen` path\n\nXen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when `efi=True`\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28243/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35662/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25282/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3148/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3197/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210630-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?160025cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2021-630=1\n\nSUSE Linux Enterprise Module for Python2 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-630=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-630=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async 
client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-api-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-cloud-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-doc-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-master-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-minion-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-proxy-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-ssh-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-standalone-formulas-configuration-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"salt-syndic-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"salt-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"salt-doc-3000-24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"salt-minion-3000-24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"salt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-19T15:04:38", "description": "An update of the salt3 package has been released.", "cvss3": {}, "published": "2021-02-27T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Salt3 PHSA-2021-1.0-0364", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt3", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0364_SALT3.NASL", "href": "https://www.tenable.com/plugins/nessus/146877", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0364. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146877);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"Photon OS 1.0: Salt3 PHSA-2021-1.0-0364\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt3 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-364.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-api-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-cloud-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-master-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-minion-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-proxy-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-spm-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-ssh-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-syndic-2019.2.4-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt3');\n}\n", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:08", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-904a2dbc0c advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. (CVE-2020-35662)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. 
(CVE-2021-25282)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. (CVE-2021-25284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "Fedora 32 : salt (2021-904a2dbc0c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:salt"], "id": "FEDORA_2021-904A2DBC0C.NASL", "href": "https://www.tenable.com/plugins/nessus/146970", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-904a2dbc0c\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146970);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-904a2dbc0c\");\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"Fedora 32 : salt (2021-904a2dbc0c)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-904a2dbc0c advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to\n command injection via a crafted process name. This allows for a local privilege escalation by any user\n able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the\n vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL\n certificate is not always validated. (CVE-2020-35662)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to\n run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can\n result in salt.utils.thin.gen_thin() command injection because of different handling of single versus\n double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a\n shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials\n for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method\n is vulnerable to directory traversal. 
(CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect\n against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials\n to the info or error log level. (CVE-2021-25284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-904a2dbc0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected salt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:salt\");\n script_set_attribute(attribute:\"stig_severity\", 
value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'salt-3001.6-1.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n 
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:58", "description": "The remote host is affected by the vulnerability described in GLSA-202103-01 (Salt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Salt. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary commands via salt-api, cause a Denial of Service condition, bypass access restrictions or disclose sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-04-01T00:00:00", "type": "nessus", "title": "GLSA-202103-01 : Salt: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:salt", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202103-01.NASL", "href": "https://www.tenable.com/plugins/nessus/148273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202103-01.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148273);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/05\");\n\n script_cve_id(\"CVE-2020-28243\", \"CVE-2020-28972\", \"CVE-2020-35662\", \"CVE-2021-25281\", \"CVE-2021-25282\", \"CVE-2021-25283\", \"CVE-2021-25284\", \"CVE-2021-3144\", \"CVE-2021-3148\", \"CVE-2021-3197\");\n script_xref(name:\"GLSA\", value:\"202103-01\");\n\n script_name(english:\"GLSA-202103-01 : Salt: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202103-01\n(Salt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Salt. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary commands via\n salt-api, cause a Denial of Service condition, bypass access restrictions\n or disclose sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202103-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Salt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/salt-3000.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/salt\", unaffected:make_list(\"ge 3000.8\"), vulnerable:make_list(\"lt 3000.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Salt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:58", "description": "This update for salt fixes the following issues :\n\n - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\n - Allow `extra_filerefs` as sanitized `kwargs` for SSH client\n\n - Fix errors with virt.update\n\n - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)\n\n - virt: search for `grub.xen` path\n\n - Xen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\n - virt UEFI fix: virt.update when `efi=True` \n\nThis update was imported from the 
SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : salt (openSUSE-2021-347)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python2-salt", "p-cpe:/a:novell:opensuse:python3-salt", "p-cpe:/a:novell:opensuse:salt", "p-cpe:/a:novell:opensuse:salt-api", "p-cpe:/a:novell:opensuse:salt-bash-completion", "p-cpe:/a:novell:opensuse:salt-cloud", "p-cpe:/a:novell:opensuse:salt-fish-completion", "p-cpe:/a:novell:opensuse:salt-master", "p-cpe:/a:novell:opensuse:salt-minion", "p-cpe:/a:novell:opensuse:salt-proxy", "p-cpe:/a:novell:opensuse:salt-ssh", "p-cpe:/a:novell:opensuse:salt-standalone-formulas-configuration", "p-cpe:/a:novell:opensuse:salt-syndic", "p-cpe:/a:novell:opensuse:salt-zsh-completion", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-347.NASL", "href": "https://www.tenable.com/plugins/nessus/146897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-347.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146897);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"openSUSE Security Update : salt (openSUSE-2021-347)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for salt fixes the following issues :\n\n - Fix regression on cmd.run when passing tuples as cmd\n (bsc#1182740)\n\n - Allow `extra_filerefs` as sanitized `kwargs` for SSH\n client\n\n - Fix errors with virt.update\n\n - Fix for multiple for security issues (CVE-2020-28243)\n (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148)\n (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282)\n (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558)\n (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562)\n (bsc#1181563) (bsc#1181564) (bsc#1181565)\n\n - virt: search for `grub.xen` path\n\n - Xen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\n - virt UEFI fix: virt.update when `efi=True` \n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181561\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected salt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-standalone-formulas-configuration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:salt-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python2-salt-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-salt-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-api-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-bash-completion-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-cloud-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-fish-completion-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-master-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-minion-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-proxy-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-ssh-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"salt-standalone-formulas-configuration-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-syndic-3000-lp152.3.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"salt-zsh-completion-3000-lp152.3.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2-salt / python3-salt / salt / salt-api / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:38", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14650-1 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. 
The jinja renderer does not protect against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : salt (SUSE-SU-2021:14650-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2022-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:salt", "p-cpe:/a:novell:suse_linux:salt-doc", "p-cpe:/a:novell:suse_linux:salt-minion", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14650-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150586", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14650-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150586);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14650-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : salt (SUSE-SU-2021:14650-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14650-1 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to\n command injection via a crafted process name. This allows for a local privilege escalation by any user\n able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the\n vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL\n certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials\n for the wheel_async client. 
Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method\n is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect\n against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials\n to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to\n run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can\n result in salt.utils.thin.gen_thin() command injection because of different handling of single versus\n double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. 
The salt-api's ssh client is vulnerable to a\n shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182740\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-February/008380.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8f71505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35662\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2021-25281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3197\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected salt, salt-doc and / or salt-minion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'salt-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3'},\n {'reference':'salt-doc-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3'},\n {'reference':'salt-minion-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3'},\n {'reference':'salt-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'salt-doc-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'salt-minion-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'salt-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3'},\n {'reference':'salt-doc-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3'},\n {'reference':'salt-minion-2016.11.10-43.69', 'sp':'3', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3'},\n {'reference':'salt-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'salt-doc-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'salt-minion-2016.11.10-43.69', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) 
reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt / salt-doc / salt-minion');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-5756fbf8a6 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. 
(CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. (CVE-2020-35662)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. 
(CVE-2021-25284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "Fedora 33 : salt (2021-5756fbf8a6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:salt"], "id": "FEDORA_2021-5756FBF8A6.NASL", "href": "https://www.tenable.com/plugins/nessus/146977", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-5756fbf8a6\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146977);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-5756fbf8a6\");\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"Fedora 33 : salt (2021-5756fbf8a6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-5756fbf8a6 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to\n command injection via a crafted process name. 
This allows for a local privilege escalation by any user\n able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the\n vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL\n certificate is not always validated. (CVE-2020-35662)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to\n run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can\n result in salt.utils.thin.gen_thin() command injection because of different handling of single versus\n double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a\n shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials\n for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method\n is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect\n against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials\n to the info or error log level. 
(CVE-2021-25284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-5756fbf8a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected salt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:salt\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'salt-3002.5-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:55", "description": "According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities:\n\n - The Salt-API\u2019s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. (CVE-2021-3197)\n\n - The Salt-API does not have eAuth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. (CVE-2021-25281)\n\n - eauth tokens can be used once after expiration. They can be used to run command against the salt master or minions. 
(CVE-2021-3144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-25T00:00:00", "type": "nessus", "title": "SaltStack < 3002.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["cpe:/a:saltstack:salt"], "id": "SALTSTACK_3002_5_MULTIPLE_VULNERABILITIES.NASL", "href": "https://www.tenable.com/plugins/nessus/148112", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148112);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"SaltStack < 3002.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of SaltStack running on the remote server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by\nmultiple vulnerabilities:\n\n - The Salt-API\u2019s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument,\n or via ssh_options provided in an API request. (CVE-2021-3197)\n\n - The Salt-API does not have eAuth credentials for the wheel_async client. Thus, an attacker can remotely\n run any wheel modules on the master. 
(CVE-2021-25281)\n\n - eauth tokens can be used once after expiration. They can be used to run command against the salt master\n or minions. (CVE-2021-3144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\");\n # https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad6e5b97\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SaltStack version referenced in the vendor security advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28243\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:saltstack:salt\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"saltstack_salt_linux_installed.nbin\");\n script_require_keys(\"installed_sw/SaltStack Salt Master\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'SaltStack Salt Master');\n\nvcf::check_all_backporting(app_info:app_info);\n\n# report paranoia for older versions.\nif ((app_info['version'] =~ \"201[5-9](\\.[0-9]{1,2}){2}\" ) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n { 'min_version' : '3000.0', 'fixed_version' : '3000.7' , 'fixed_display' : '3000.7 / 3000.8'},\n { 'min_version' : '3001.0', 'fixed_version' : '3001.6' },\n { 'min_version' : '3002.0', 'fixed_version' : '3002.5' }\n\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:42", "description": "This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow `extra_filerefs` as sanitized `kwargs` for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)\n\nvirt: search for `grub.xen` path\n\nXen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when `efi=True`\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : salt (SUSE-SU-2021:0628-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python2-salt", "p-cpe:/a:novell:suse_linux:python3-salt", "p-cpe:/a:novell:suse_linux:salt", "p-cpe:/a:novell:suse_linux:salt-api", "p-cpe:/a:novell:suse_linux:salt-cloud", "p-cpe:/a:novell:suse_linux:salt-doc", "p-cpe:/a:novell:suse_linux:salt-master", "p-cpe:/a:novell:suse_linux:salt-minion", "p-cpe:/a:novell:suse_linux:salt-proxy", "p-cpe:/a:novell:suse_linux:salt-ssh", "p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration", "p-cpe:/a:novell:suse_linux:salt-syndic", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0628-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146921);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/09\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : salt (SUSE-SU-2021:0628-1)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for salt fixes the following issues :\n\nFix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n\nAllow `extra_filerefs` as sanitized `kwargs` for SSH client\n\nFix errors with virt.update\n\nFix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972)\n(CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)\n(CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n(bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559)\n(bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564)\n(bsc#1181565)\n\nvirt: search for `grub.xen` path\n\nXen spicevmc, DNS SRV records backports :\n\n - Fix virtual network generated DNS XML for SRV records\n\n - Don't add spicevmc channel to xen VMs\n\nvirt UEFI fix: virt.update when `efi=True`\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28243/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35662/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25282/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3148/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3197/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210628-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a444e59\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-628=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-628=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-628=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-628=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", 
value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-standalone-formulas-configuration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"python2-salt-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"python3-salt-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-api-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-cloud-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-doc-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-master-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-minion-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-proxy-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-ssh-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-standalone-formulas-configuration-3000-5.106.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"salt-syndic-3000-5.106.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"salt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:03", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2815 advisory.\n\n - An issue was discovered in SaltStack Salt 
before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. 
The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). (CVE-2021-31607)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "Debian DLA-2815-1 : salt - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197"], "modified": "2022-04-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:salt-api", "p-cpe:/a:debian:debian_linux:salt-cloud", "p-cpe:/a:debian:debian_linux:salt-common", "p-cpe:/a:debian:debian_linux:salt-doc", "p-cpe:/a:debian:debian_linux:salt-master", "p-cpe:/a:debian:debian_linux:salt-minion", "p-cpe:/a:debian:debian_linux:salt-proxy", "p-cpe:/a:debian:debian_linux:salt-ssh", "p-cpe:/a:debian:debian_linux:salt-syndic", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2815.NASL", "href": "https://www.tenable.com/plugins/nessus/155123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2815. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155123);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/01\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-31607\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0524-S\");\n\n script_name(english:\"Debian DLA-2815-1 : salt - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2815 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to\n command injection via a crafted process name. This allows for a local privilege escalation by any user\n able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the\n vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL\n certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials\n for the wheel_async client. 
Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method\n is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect\n against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials\n to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to\n run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can\n result in salt.utils.thin.gen_thin() command injection because of different handling of single versus\n double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module\n that allows for local privilege escalation on a minion. The attack requires that a file is created with a\n pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes\n popen unsafely). (CVE-2021-31607)\n\n - An issue was discovered in SaltStack Salt before 3002.5. 
The salt-api's ssh client is vulnerable to a\n shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/salt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-35662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-31607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3197\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://packages.debian.org/source/stretch/salt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the salt packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 2016.11.2+ds-1+deb9u7.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-proxy\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'salt-api', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-cloud', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-common', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-doc', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-master', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-minion', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-proxy', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-ssh', 'reference': '2016.11.2+ds-1+deb9u7'},\n {'release': '9.0', 'prefix': 'salt-syndic', 'reference': '2016.11.2+ds-1+deb9u7'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt-api / salt-cloud / salt-common / salt-doc / salt-master / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T15:35:48", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5011 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. 
Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). (CVE-2021-31607)\n\n - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-19T00:00:00", "type": "nessus", "title": "Debian DSA-5011-1 : salt - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-21996", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197"], "modified": "2022-04-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:salt-api", "p-cpe:/a:debian:debian_linux:salt-cloud", "p-cpe:/a:debian:debian_linux:salt-common", "p-cpe:/a:debian:debian_linux:salt-doc", "p-cpe:/a:debian:debian_linux:salt-master", "p-cpe:/a:debian:debian_linux:salt-minion", "p-cpe:/a:debian:debian_linux:salt-proxy", "p-cpe:/a:debian:debian_linux:salt-ssh", "p-cpe:/a:debian:debian_linux:salt-syndic", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5011.NASL", "href": "https://www.tenable.com/plugins/nessus/155634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5011. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155634);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/01\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-21996\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-31607\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0524-S\");\n\n script_name(english:\"Debian DSA-5011-1 : salt - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5011 advisory.\n\n - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to\n command injection via a crafted process name. This allows for a local privilege escalation by any user\n able to create a files on the minion in a non-blacklisted directory. (CVE-2020-28243)\n\n - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the\n vmware.py files) does not always validate the SSL/TLS certificate. (CVE-2020-28972)\n\n - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL\n certificate is not always validated. (CVE-2020-35662)\n\n - An issue was discovered in SaltStack Salt before 3003.3. 
A user who has control of the source, and\n source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials\n for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n (CVE-2021-25281)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method\n is vulnerable to directory traversal. (CVE-2021-25282)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect\n against server side template injection attacks. (CVE-2021-25283)\n\n - An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials\n to the info or error log level. (CVE-2021-25284)\n\n - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to\n run command against the salt master or minions.) (CVE-2021-3144)\n\n - An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can\n result in salt.utils.thin.gen_thin() command injection because of different handling of single versus\n double quotes. This is related to salt/utils/thin.py. (CVE-2021-3148)\n\n - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module\n that allows for local privilege escalation on a minion. The attack requires that a file is created with a\n pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes\n popen unsafely). (CVE-2021-31607)\n\n - An issue was discovered in SaltStack Salt before 3002.5. 
The salt-api's ssh client is vulnerable to a\n shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\n (CVE-2021-3197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/salt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-35662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-21996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-31607\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://security-tracker.debian.org/tracker/CVE-2021-3197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/salt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/salt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the salt packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 3002.6+dfsg1-4+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:salt-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-minion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:salt-syndic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'salt-api', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-cloud', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-common', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-doc', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-master', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-minion', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-proxy', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-ssh', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '10.0', 'prefix': 'salt-syndic', 'reference': '2018.3.4+dfsg1-6+deb10u3'},\n {'release': '11.0', 'prefix': 'salt-api', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-cloud', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-common', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-doc', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-master', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-minion', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-proxy', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-ssh', 'reference': '3002.6+dfsg1-4+deb11u1'},\n {'release': '11.0', 'prefix': 'salt-syndic', 'reference': '3002.6+dfsg1-4+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var 
prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt-api / salt-cloud / salt-common / salt-doc / salt-master / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:53", "description": "An update of the salt3 package has been released.", "cvss3": {}, "published": "2021-06-21T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Salt3 PHSA-2021-4.0-0047", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-25315", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197"], "modified": "2022-04-01T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt3", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0047_SALT3.NASL", "href": "https://www.tenable.com/plugins/nessus/150920", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0047. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150920);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/01\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-25315\",\n \"CVE-2021-31607\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0524-S\");\n\n script_name(english:\"Photon OS 4.0: Salt3 PHSA-2021-4.0-0047\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt3 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-47.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SaltStack Salt API Unauthenticated RCE through wheel_async client');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-api-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-cloud-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', 
reference:'salt3-master-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-minion-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-proxy-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-spm-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-ssh-3003-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'salt3-syndic-3003-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-06-06T15:26:42", "description": "Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-02T15:56:30", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: salt-3002.5-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-03-02T15:56:30", "id": "FEDORA:BFFD030BDAB1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:42", "description": "Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. 
Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-19T20:22:58", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: salt-3002.5-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-03-19T20:22:58", "id": "FEDORA:AE7BA3072F0B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:42", "description": "Salt is a distributed remote execution system used to execute commands and query data. 
It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-02T15:35:09", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: salt-3001.6-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-03-02T15:35:09", "id": "FEDORA:F08FB30BB4E1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2023-06-06T16:16:05", "description": "Updates of ['salt3', 'salt'] packages of 
Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0364", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-02-27T00:00:00", "id": "PHSA-2021-0364", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-364", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:47:56", "description": "An update of {'salt3', 'salt'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", 
"version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-26T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0364", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-02-26T00:00:00", "id": "PHSA-2021-1.0-0364", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-364", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:56:19", "description": "Updates of ['linux-aws', 'linux-secure', 'python3-Pygments', 'linux-rt', 'salt3', 'linux', 'lz4'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-16T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0047", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-20270", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-25315", "CVE-2021-27291", "CVE-2021-3144", "CVE-2021-31440", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3520", "CVE-2021-3543"], "modified": "2021-06-16T00:00:00", "id": "PHSA-2021-0047", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-47", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-25T11:47:27", "description": "Updates of ['python3-Pygments', 'linux-aws', 'lz4', 'linux-rt', 'linux-secure', 'linux', 'salt3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-16T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-4.0-0047", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26147", "CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-20270", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-25315", "CVE-2021-27291", "CVE-2021-3144", "CVE-2021-31440", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3520", "CVE-2021-3543"], "modified": "2021-06-16T00:00:00", "id": "PHSA-2021-4.0-0047", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-47", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:44:43", "description": "Updates of ['openssl', 'go', 'nxtgn-openssl', 'openldap', 'salt3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0200", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": 
false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2020-36221", "CVE-2020-36222", "CVE-2020-36223", "CVE-2020-36224", "CVE-2020-36225", "CVE-2020-36226", "CVE-2020-36227", "CVE-2020-36228", "CVE-2020-36229", "CVE-2020-36230", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-3115", "CVE-2021-3144", "CVE-2021-3148"], "modified": "2021-02-27T00:00:00", "id": "PHSA-2021-0200", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-200", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-25T13:08:39", "description": "Updates of ['go', 'openldap', 'openssl', 'nxtgn-openssl', 'salt3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-27T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-3.0-0200", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2020-36221", "CVE-2020-36222", "CVE-2020-36223", 
"CVE-2020-36224", "CVE-2020-36225", "CVE-2020-36226", "CVE-2020-36227", "CVE-2020-36228", "CVE-2020-36229", "CVE-2020-36230", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-3115", "CVE-2021-3144", "CVE-2021-3148"], "modified": "2021-02-27T00:00:00", "id": "PHSA-2021-3.0-0200", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-200", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-06-06T15:10:11", "description": "Arch Linux Security Advisory ASA-202102-33\n==========================================\n\nSeverity: High\nDate : 2021-02-27\nCVE-ID : CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3144\nCVE-2021-3148 CVE-2021-3197 CVE-2021-25281 CVE-2021-25282\nCVE-2021-25283 CVE-2021-25284\nPackage : salt\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1624\n\nSummary\n=======\n\nThe package salt before version 3002.5-3 is vulnerable to multiple\nissues including access restriction bypass, arbitrary command\nexecution, certificate verification bypass, cross-site scripting,\ninsufficient validation, privilege escalation, directory traversal and\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 3002.5-3.\n\n# pacman -Syu \"salt>=3002.5-3\"\n\nThe problems have been fixed upstream in version 3002.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-28243 (privilege escalation)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The minion's\nrestartcheck is vulnerable to command injection via a crafted process\nname. 
This allows for a local privilege escalation by any user able to\ncreate files on the minion in a non-blacklisted directory.\n\n- CVE-2020-28972 (certificate verification bypass)\n\nIn SaltStack Salt before 3002.5, authentication to VMware vcenter,\nvsphere, and esxi servers (in the vmware.py files) does not always\nvalidate the SSL/TLS certificate.\n\n- CVE-2020-35662 (certificate verification bypass)\n\nIn SaltStack Salt before 3002.5, when authenticating to services using\ncertain modules, the SSL certificate is not always validated.\n\n- CVE-2021-3144 (insufficient validation)\n\nIn SaltStack Salt before 3002.5, eauth tokens can be used once after\nexpiration. (They might be used to run command against the salt master\nor minions.)\n\n- CVE-2021-3148 (arbitrary command execution)\n\nAn issue was discovered in SaltStack Salt before 3002.5. Sending\ncrafted web requests to the Salt API can result in\nsalt.utils.thin.gen_thin() command injection because of different\nhandling of single versus double quotes. This is related to\nsalt/utils/thin.py.\n\n- CVE-2021-3197 (arbitrary command execution)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The salt-api's\nssh client is vulnerable to a shell injection by including ProxyCommand\nin an argument, or via ssh_options provided in an API request.\n\n- CVE-2021-25281 (access restriction bypass)\n\nAn issue was discovered in SaltStack Salt before 3002.5. salt-api does\nnot honor eauth credentials for the wheel_async client. Thus, an\nattacker can remotely run any wheel modules on the master.\n\n- CVE-2021-25282 (directory traversal)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The\nsalt.wheel.pillar_roots.write method is vulnerable to directory\ntraversal.\n\n- CVE-2021-25283 (cross-site scripting)\n\nAn issue was discovered in SaltStack Salt before 3002.5. 
The jinja\nrenderer does not protect against server side template injection\nattacks.\n\n- CVE-2021-25284 (information disclosure)\n\nAn issue was discovered in SaltStack Salt before 3002.5.\nsalt.modules.cmdmod can log credentials to the info or error log level.\n\nImpact\n======\n\nA remote unauthenticated attacker could execute commands, bypass TLS\nverification, traverse directories and disclose credentials.\n\nReferences\n==========\n\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/\nhttps://security.archlinux.org/CVE-2020-28243\nhttps://security.archlinux.org/CVE-2020-28972\nhttps://security.archlinux.org/CVE-2020-35662\nhttps://security.archlinux.org/CVE-2021-3144\nhttps://security.archlinux.org/CVE-2021-3148\nhttps://security.archlinux.org/CVE-2021-3197\nhttps://security.archlinux.org/CVE-2021-25281\nhttps://security.archlinux.org/CVE-2021-25282\nhttps://security.archlinux.org/CVE-2021-25283\nhttps://security.archlinux.org/CVE-2021-25284", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-27T00:00:00", "type": "archlinux", "title": "[ASA-202102-33] salt: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-02-27T00:00:00", "id": "ASA-202102-33", "href": "https://security.archlinux.org/ASA-202102-33", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T12:09:24", "description": "An update that solves 10 vulnerabilities and has two fixes\n is now available.\n\nDescription:\n\n This update for salt fixes the following issues:\n\n - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n - Allow `extra_filerefs` as sanitized `kwargs` for SSH client\n - Fix errors with virt.update\n - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972)\n (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)\n (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559)\n (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564)\n (bsc#1181565)\n - virt: search for `grub.xen` path\n - Xen spicevmc, DNS SRV records backports:\n - Fix virtual network generated DNS XML for SRV records\n - Don't add spicevmc channel to xen VMs\n - virt UEFI fix: virt.update when `efi=True`\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-347=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-26T00:00:00", "type": "suse", "title": "Security update for salt (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-02-26T00:00:00", "id": "OPENSUSE-SU-2021:0347-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CYH7ONK65HNBANHLED5R64OBSM2EORYI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-06T15:28:27", "description": "\n\nSaltStack reports multiple security vulnerabilities in Salt\n\n\nCVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.\nCVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.\nCVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.\nCVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.\nCVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion\nCVE-2021-3148: command injection in 
salt.utils.thin.gen_thin()\nCVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.\nCVE-2021-3144: eauth Token can be used once after expiration.\nCVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack\nCVE-2020-28243: Local Privilege Escalation in the Minion.\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-25T00:00:00", "type": "freebsd", "title": "salt -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-02-25T00:00:00", "id": "A1E03A3D-7BE0-11EB-B392-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/a1e03a3d-7be0-11eb-b392-20cf30e32f6d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-06-06T15:24:43", "description": "### Background\n\nSalt is a fast, intelligent and 
scalable automation engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary commands via salt-api, cause a Denial of Service condition, bypass access restrictions or disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Salt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/salt-3000.8\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-31T00:00:00", "type": "gentoo", "title": "Salt: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "modified": "2021-03-31T00:00:00", "id": "GLSA-202103-01", "href": "https://security.gentoo.org/glsa/202103-01", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-11-30T01:52:46", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2815-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 10, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : salt\nVersion : 2016.11.2+ds-1+deb9u7\nCVE ID : CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3144 \n CVE-2021-3148 CVE-2021-3197 CVE-2021-25281 CVE-2021-25282 \n CVE-2021-25283 CVE-2021-25284 CVE-2021-31607\nDebian Bug : 987496 987496\n\nMultiple security vulnerabilities have been discovered in Salt, a powerful\nremote execution manager, that allow for local privilege escalation on a\nminion, server side template injection attacks, insufficient checks for\neauth credentials, shell and command injections or incorrect validation of\nSSL certificates.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2016.11.2+ds-1+deb9u7.\n\nWe recommend that you upgrade your salt packages.\n\nFor the detailed security status of salt please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/salt\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-10T18:08:20", 
"type": "debian", "title": "[SECURITY] [DLA 2815-1] salt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197"], "modified": "2021-11-10T18:08:20", "id": "DEBIAN:DLA-2815-1:9EDF2", "href": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T14:38:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5011-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 19, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : salt\nCVE ID : CVE-2021-21996 CVE-2021-31607 CVE-2021-25284 CVE-2021-25283\n CVE-2021-25282 CVE-2021-25281 CVE-2021-3197 CVE-2021-3148\n CVE-2021-3144 CVE-2020-35662 CVE-2020-28972 CVE-2020-28243\nDebian Bug : 983632 994016 987496\n\nMultiple security vulnerabilities have been discovered in Salt, a powerful\nremote execution manager, that allow for local privilege escalation on a\nminion, server side template injection attacks, insufficient checks for eauth\ncredentials, shell and command injections or incorrect validation of SSL\ncertificates.\n\nFor the oldstable distribution (buster), this 
problem has been fixed\nin version 2018.3.4+dfsg1-6+deb10u3.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 3002.6+dfsg1-4+deb11u1.\n\nWe recommend that you upgrade your salt packages.\n\nFor the detailed security status of salt please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/salt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-19T11:19:25", "type": "debian", "title": "[SECURITY] [DSA 5011-1] salt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-21996", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-31607", "CVE-2021-3197"], "modified": "2021-11-19T11:19:25", "id": "DEBIAN:DSA-5011-1:B103B", "href": 
"https://lists.debian.org/debian-security-announce/2021/msg00197.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}