Tuesday, March 2, 2021

SUSE: CVE-2021-25281: SUSE Linux Security Advisory

Description
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Solution(s)
  • suse-upgrade-python2-salt
  • suse-upgrade-python3-salt
  • suse-upgrade-salt
  • suse-upgrade-salt-api
  • suse-upgrade-salt-bash-completion
  • suse-upgrade-salt-cloud
  • suse-upgrade-salt-doc
  • suse-upgrade-salt-fish-completion
  • suse-upgrade-salt-master
  • suse-upgrade-salt-minion
  • suse-upgrade-salt-proxy
  • suse-upgrade-salt-ssh
  • suse-upgrade-salt-standalone-formulas-configuration
  • suse-upgrade-salt-syndic
  • suse-upgrade-salt-zsh-completion


  • References
     

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore