Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

The vulnerability of the implementation of the salt.wheel.pillar_roots.write method in the configuration management system and remote execution of SaltStack Salt operations allows a perpetrator to disclose sensitive information.

🗓️ 30 Nov 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in salt.wheel.pillar_roots.write allows sensitive data disclosure via path traversal in Salt.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
0day.today		SaltStack Salt API Unauthenticated Remote Command Execution Exploit
2 Apr 202100:00
zdt
IBM Security Bulletins		Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
19 Oct 202115:38
ibm
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
3 Dec 202118:52
ibm
FreeBSD		salt -- multiple vulnerabilities
25 Feb 202100:00
freebsd
ATTACKERKB		CVE-2021-25281
27 Feb 202100:00
attackerkb
Tenable Nessus		AlmaLinux 8 : GNOME (ALSA-2021:1586)
9 Feb 202200:00
nessus
Tenable Nessus		CentOS 8 : GNOME (CESA-2021:1586)
19 May 202100:00
nessus
Tenable Nessus		Debian DLA-2480-2 : salt regression update
7 Dec 202000:00
nessus
Tenable Nessus		Debian DLA-2815-1 : salt - LTS security update
11 Nov 202100:00
nessus
Tenable Nessus		Debian DSA-5011-1 : salt - security update
19 Nov 202100:00
nessus
Rows per page
Vulners
Node
saltstack,saltRange<3002.5
OR
saltstack,saltRange<2015.8.10
OR
saltstack,saltRange2015.8.112015.8.13
OR
saltstack,saltRange2016.3.52016.3.6
OR
saltstack,saltRange2016.3.72016.3.8
OR
saltstack,saltRange2016.3.92016.11.3
OR
saltstack,saltRange2016.11.42016.11.5
OR
saltstack,saltRange2016.11.72016.11.10
OR
saltstack,saltRange2017.5.02017.7.8
OR
saltstack,saltRange2018.2.02018.3.5
OR
saltstack,saltRange2019.2.02019.2.5
OR
saltstack,saltRange2019.2.62019.2.8
OR
saltstack,saltRange2016.3.02016.3.4
OR
saltstack,saltRange<3001.6
OR
saltstack,saltRange<3000.8
OR
novellsuse_linux_enterprise_server_for_sap_applicationsMatch15
OR
novellsuse_linux_enterprise_serverMatch15-ltss
OR
novellsuse_linux_enterprise_server_for_sap_applicationsMatch12
OR
fedorafedoraMatch32
OR
novellopensuse_leapMatch15.2
OR
fedorafedoraMatch33
OR
fedorafedoraMatch34
OR
novellsuse_linux_enterprise_serverMatch12
SourceLink
accesswww.access.redhat.com/security/cve/cve-2021-25282
cybersecurity-helpwww.cybersecurity-help.cz/vdb/SB2021022809
packetstormsecuritywww.packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
githubwww.github.com/saltstack/salt/releases
securitywww.security.gentoo.org/glsa/202103-01
saltprojectwww.saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
susewww.suse.com/security/cve/CVE-2020-13543.html
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Dec 2024 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 39.1
CVSS 29.4
EPSS0.92312
salt wheel vulnerabilitypillar roots writepath traversalsensitive data exposureremote execution
1