SUSE CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

Remote Code Execution (RCE)

salt is vulnerable to remote code execution. The vulnerability exists due to local privilege escalation where the master calls the snapper.diff function which executes popen unsafely when an attacker creates a file that is backed up by snapper...

Command injection

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

PT-2021-6057 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 2016.9 through 3002.6 Description: The issue is related to a command injection vulnerability in the snapper module of SaltStack Salt, which can be exploited to achieve local privilege escalation on a minion. This can...