SaltStack Salt <3002.5 - Auth Bypass

SaltStack Salt before 3002.5 does not honor eauth credentials for the wheelasync client, allowing attackers to remotely run any wheel modules on the master. id: CVE-2021-25281 info: name: SaltStack Salt 3002.5 - Auth Bypass author: madrobot severity: critical description: SaltStack Salt before...