CVE-2021-3144 – salt
Package
Manager: pip
Name: salt
Vulnerable Version: >=0 <2015.8.13 || >=2016.3.0 <2016.11.5 || >=2016.11.7 <2016.11.10 || >=2017.5.0 <2017.7.8 || >=2018.2.0 <=2018.3.5 || >=3000 <3000.7 || >=3001 <3001.5 || >=3002 <3002.3 || >=2019.2.0 <2019.2.8
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.04713 (percentile 0.8896)
Details
SaltStack Salt eauth tokens can be used once after expiration
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master or minions.)
Metadata
Created: 2022-05-24T17:43:23Z
Modified: 2024-10-23T18:26:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w2hr-3mc8-46gh/GHSA-w2hr-3mc8-46gh.json
CWE IDs: ["CWE-613"]
Alternative ID: GHSA-w2hr-3mc8-46gh
Finding: F076
Auto approve: 1