CVE-2021-21996
Description
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Allows root file system access on a Salt minion when source and source_hash URLs are controlled by an attacker.
Vulnerability
In Salt before version 3003.3, a user with control over the source and source_hash URLs can achieve full file system access as root on a salt minion. This vulnerability arises from insufficient validation of these URLs during the state file retrieval process, allowing an attacker to point a minion to arbitrary content [1] [3].
Exploitation
An attacker needs control over the source and source_hash URLs, typically achieved through compromising a Salt master or man-in-the-middle positioning. The attacker then serves a crafted payload, which the minion downloads and executes with root privileges [1].
Impact
Successful exploitation grants the attacker full file system access as root on the target Salt minion, enabling complete compromise of the minion's data and operations [1].
Mitigation
Upgrade Salt to version 3003.3 or later, which was released on September 8, 2021 [1]. For Debian-based systems, follow the instructions in the Debian LTS advisory [1]. Fedora packages were also updated [4]. No workaround is available for unpatched versions.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| salt (PyPI) | < 3003.3 | 3003.3 |
Affected products
73 products: SaltStack/Salt (from the description) plus 72 package coordinates from the GitHub Security Advisory. Each row pairs a coordinate (purl) with its affected version range; the SUSE and openSUSE ranges are distribution package versions, not upstream Salt versions.

| Product / package coordinate | Affected range |
|---|---|
| SaltStack/Salt (description, no CPE) | < 3003.3 |
| pkg:pypi/salt | < 3003.3 |
| pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.2 | < 3002.2-lp152.3.45.1 |
| pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.3 | < 3002.2-50.1.15.1 |
| pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.2 | < 3.1.2-5.11.1 |
| pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.1 | < 0.4.2-3.12.2 |
| pkg:rpm/suse/hub-xmlrpc-api&distro=SUSE%20Manager%20Server%20Module%204.2 | < 0.7-3.3.3 |
| pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2 | < 0.0.5-8.6.3 |
| pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2-4.3.1 |
| pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.1 | < 0.3.4-3.12.2 |
| pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1 | < 2016.11.10-17.2 |
| pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.2 | < 2016.11.10-11.28.9.1 |
| pkg:rpm/suse/py26-compat-tornado&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.2.1-3.3.2 |
| pkg:rpm/suse/py26-compat-tornado&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.1-3.3.1 |
| pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1 | < 3000.3-6.15.2 |
| pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.2 | < 3000.3-7.7.11.1 |
| pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.2 | < 4.2.3-3.19.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.2 | < 4.2.3-3.15.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2 | < 4.2.3-3.15.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%206 | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS | < 3002.2-8.41.17.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS | < 3002.2-8.41.17.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 | < 3002.2-49.2 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 | < 3002.2-50.1.15.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012 | < 3000-46.151.2 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 | < 3002.2-49.2 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 | < 3002.2-50.1.15.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 | < 3002.2-49.2 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 | < 3002.2-50.1.15.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Transactional%20Server%2015%20SP2 | < 3002.2-49.2 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Transactional%20Server%2015%20SP3 | < 3002.2-50.1.15.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS | < 2016.11.10-43.84.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS | < 2016.11.10-43.84.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS | < 3002.2-8.41.17.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 | < 3002.2-8.41.17.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 | < 3002.2-48.4 |
| pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012 | < 3000-46.151.2 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS | < 4.2.13-18.93.1 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS | < 4.2.13-18.93.1 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.15-4.30.2 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.13-4.9.1 |
| pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.9-3.6.2 |
| pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.29-4.44.2 |
| pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.17-4.9.3 |
| pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.19-3.22.2 |
| pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.13-3.9.2 |
| pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS | < 4.2.14-27.59.1 |
| pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS | < 4.2.14-27.59.1 |
| pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.14-4.9.3 |
| pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.41-3.58.2 |
| pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.30-3.14.4 |
| pkg:rpm/suse/spacewalk-reports&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.4-3.6.2 |
| pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.14-3.9.3 |
| pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.30-3.36.1 |
| pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.23-3.9.3 |
| pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%20Module%204.1 | < 0.27-3.12.2 |
| pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%20Module%204.2 | < 0.27-6.3.1 |
| pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.3-3.3.2 |
| pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.31-3.39.2 |
| pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.25-3.13.1 |
| pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1-11.46.2 |
| pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2-12.11.3 |
| pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1-11.46.2 |
| pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2-12.11.1 |
| pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.18-3.9.3 |
| pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.1 | < 4.1.31-3.51.2 |
| pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.18-3.11.1 |
| pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.2 | < 4.2.9-3.9.1 |
| pkg:rpm/suse/virtualization-formulas&distro=SUSE%20Manager%20Server%20Module%204.2 | < 0.6.1-8.3.1 |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18 references (source in parentheses, followed by the reference type):
- github.com/advisories/GHSA-pf7h-h2wq-m7pg (ghsa) ADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/ (mitre) vendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/ (mitre) vendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/ (mitre) vendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2021-21996 (ghsa) ADVISORY
- security.gentoo.org/glsa/202310-22 (ghsa) vendor-advisory, WEB
- www.debian.org/security/2021/dsa-5011 (ghsa) vendor-advisory, WEB
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml (ghsa) WEB
- lists.debian.org/debian-lts-announce/2021/11/msg00017.html (ghsa) mailing-list, WEB
- lists.debian.org/debian-lts-announce/2021/11/msg00019.html (ghsa) mailing-list, WEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 (ghsa) WEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT (ghsa) WEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ (ghsa) WEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 (ghsa) WEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT (ghsa) WEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ (ghsa) WEB
- saltproject.io/security_announcements/salt-security-advisory-2021-sep-02 (ghsa) WEB
- saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ (mitre)
News mentions
No linked articles in our index yet.