UBUNTU-CVE-2021-25281

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...

PT-2021-5177 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to improper access restriction in SaltStack Salt, allowing a remote attacker to gain unauthorized access to restricted functions. Specifically, salt-api does not honor...