High severityNVD Advisory· Published Mar 3, 2021· Updated Sep 16, 2024
salt-api unauthenticated remote code execution
CVE-2021-25315
Description
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 3002.2 | 3002.2 |
Affected products
27- ghsa-coords25 versionspkg:pypi/saltpkg:rpm/opensuse/python-distro&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Transactional%20Server%2015%20SP2pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%204.0
< 3002.2+ 24 more
- (no CPE)range: < 3002.2
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 3002.2-lp152.3.36.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 1.5.0-3.5.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-8.41.8.1
- (no CPE)range: < 3002.2-8.41.8.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-8.41.8.1
- (no CPE)range: < 3002.2-8.41.8.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- (no CPE)range: < 3002.2-37.1
- openSUSE/Tumbleweedv5Range: salt
- Range: salt
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.