CVE-2021-25284
Description
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SaltStack Salt before 3002.5 logs credentials from salt.modules.cmdmod to info or error log levels.
Vulnerability
CVE-2021-25284 is a security flaw in SaltStack Salt affecting versions prior to 3002.5. The issue resides in the salt.modules.cmdmod module, which inadvertently logs credentials at the info or error log level [1][2]. This means that sensitive information such as passwords or authentication tokens may be written to log files during normal operation.
Exploitation
Exploitation does not require direct network access to the vulnerable function; rather, any user or process with read access to the Salt log files could potentially retrieve the exposed credentials. The vulnerability is triggered when cmdmod is invoked with credentials that are passed as arguments, and the module logs these inputs at an inappropriate severity level [1].
Impact
An attacker who gains access to the log files could obtain credentials used by Salt operations. This could lead to privilege escalation, unauthorized access to managed systems, or compromise of the Salt infrastructure itself [1].
Mitigation
The vulnerability is fixed in Salt version 3002.5 and later [2][4]. Users are advised to upgrade to the patched version. As of the publication date, no workarounds have been documented, and the issue is not known to be listed in the US CISA KEV catalog.
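The logging pattern behind this class of bug, as an added example (not Salt's code and not the upstream fix): a command line is logged verbatim, then logged again after a redaction step. `redact_command`, the list of sensitive option names and the sample command are hypothetical, constructed for illustration.

```python
import logging
import re
import shlex

# Hypothetical policy: option/variable names whose values must never be logged.
_KEY = r"(?:password|passwd|token|secret)"
_INLINE = re.compile(r"(?is)((?:--?)?[\w-]*%s[\w-]*=)(.+)" % _KEY)  # --password=V, DB_PASSWORD=V
_FLAG = re.compile(r"(?i)^--?[\w-]*%s[\w-]*$" % _KEY)               # --password V
MASK = "REDACTED"


def redact_command(cmd):
    """Return a log-safe rendering of a command given as a str or argv list."""
    try:
        argv = shlex.split(cmd) if isinstance(cmd, str) else [str(a) for a in cmd]
    except ValueError:
        # Unbalanced quotes: cannot tokenise safely, so log the program name only.
        return cmd.split()[0] + " [arguments withheld]"
    safe, mask_next = [], False
    for arg in argv:
        if mask_next:
            safe.append(MASK)
            mask_next = False
        elif _FLAG.match(arg):
            safe.append(arg)
            mask_next = True
        else:
            safe.append(_INLINE.sub(lambda m: m.group(1) + MASK, arg))
    return " ".join(shlex.quote(a) for a in safe)


class _ListHandler(logging.Handler):
    """Collects formatted records in memory so the demo needs no log file."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    """Log one constructed command the unsafe way and the redacted way."""
    handler = _ListHandler()
    log = logging.Logger("cmd_demo", level=logging.INFO)  # standalone logger
    log.addHandler(handler)
    cmd = "mysql --user=admin --password=S3cr3t-constructed -e 'select 1'"
    log.info("Executing command %s", cmd)                  # leaks the credential
    log.info("Executing command %s", redact_command(cmd))  # credential masked
    return handler.lines
```

Redacting at the call site keeps the secret out of every handler and log level, which matters here because the exposure is to anyone with read access to the log files.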
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| salt (PyPI) | < 2015.8.13 | 2015.8.13 |
| salt (PyPI) | >= 2016.3.0, < 2016.11.5 | 2016.11.5 |
| salt (PyPI) | >= 2016.11.7, < 2016.11.10 | 2016.11.10 |
| salt (PyPI) | >= 2017.5.0, < 2017.7.8 | 2017.7.8 |
| salt (PyPI) | >= 2018.2.0, <= 2018.3.5 | — |
| salt (PyPI) | >= 2019.2.0, < 2019.2.8 | 2019.2.8 |
| salt (PyPI) | >= 3000, < 3000.7 | 3000.7 |
| salt (PyPI) | >= 3001, < 3001.5 | 3001.5 |
| salt (PyPI) | >= 3002, < 3002.3 | 3002.3 |
Affected products
- SaltStack/Salt (description)
- ghsa-coords, 31 versions (no CPE for any entry):

| Package URL | Affected range |
|---|---|
| pkg:pypi/salt | < 2015.8.13 |
| pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.2 | < 3000-lp152.3.27.1 |
| pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0 | < 2016.11.10-10.22.1 |
| pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1 | < 2016.11.10-6.8.1 |
| pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.0 | < 4.0.12.1-3.68.1 |
| pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.1 | < 4.1.5.1-3.38.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.0 | < 4.0.12.1-0.16.52.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.1 | < 4.1.5.1-3.26.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 | < 4.0.12.1-0.16.52.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 | < 4.1.5.1-3.26.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%206 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS | < 3000-5.106.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS | < 3000-5.106.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012 | < 3000-46.129.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2 | < 3000-46.129.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS | < 2016.11.10-43.69.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS | < 2016.11.10-43.69.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS | < 3000-5.106.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 | < 3000-5.106.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012 | < 3000-46.129.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%204.0 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 | < 3000-24.1 |
| pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%204.0 | < 3000-24.1 |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-r55w-xph5-xvx2 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-25284 (ghsa, ADVISORY)
- security.gentoo.org/glsa/202103-01 (ghsa, vendor-advisory, WEB)
- security.gentoo.org/glsa/202310-22 (ghsa, vendor-advisory, WEB)
- www.debian.org/security/2021/dsa-5011 (ghsa, vendor-advisory, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml (ghsa, WEB)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst (ghsa, WEB)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst (ghsa, WEB)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2021/11/msg00009.html (ghsa, mailing-list, WEB)
- lists.debian.org/debian-lts-announce/2022/01/msg00000.html (ghsa, mailing-list, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5 (ghsa, WEB)
- saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25 (ghsa, WEB)
- saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ (mitre)
News mentions
No linked articles in our index yet.