CVE-2021-21996

High

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file…

vmware·NVD-CWE-noinfo·Published 2021-09-08

CVSS

7.5

EPSS

0.03

KEV

Exploits

cve.orgen

174 chars

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

NVDen

174 chars

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

OSV.deven

174 chars

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

GHSAen

174 chars

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

NVDes

226 chars

Se detectó un problema en SaltStack Salt versiones anteriores a 3003.3. Un usuario que presenta el control de las URLs source, y source_hash puede conseguir acceso completo al sistema de archivos como root en un minion de Salt

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.1	3.9	10.0	AV:N/AC:H/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H