CVE-2021-25283
Published: 2021-02-27
CVE-2021-25283: An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
Priority P261 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.43% (95.2th percentile)
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| saltstack | salt | < 2015.8.10 | 2015.8.10 |
| saltstack | salt | >= 0 < 2015.8.10 | 2015.8.10 |
| saltstack | salt | >= 0 < 2015.8.13 | 2015.8.13 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1+esm2 | 2015.8.8+ds-1ubuntu0.1+esm2 |
| saltstack | salt | >= 0 < 2017.7.4+dfsg1-1ubuntu18.04.2+esm1 | 2017.7.4+dfsg1-1ubuntu18.04.2+esm1 |
| saltstack | salt | >= 2015.8.11 < 2015.8.13 | 2015.8.13 |
| saltstack | salt | >= 2015.8.11 < 2015.8.13 | 2015.8.13 |
| saltstack | salt | >= 2016.11.0 < 2016.11.3 | 2016.11.3 |
| saltstack | salt | >= 2016.11.4 < 2016.11.5 | 2016.11.5 |
| saltstack | salt | >= 2016.11.4 < 2016.11.5 | 2016.11.5 |
| saltstack | salt | >= 2016.11.7 < 2016.11.10 | 2016.11.10 |
| saltstack | salt | >= 2016.11.7 < 2016.11.10 | 2016.11.10 |
| saltstack | salt | >= 2016.3.0 < 2016.3.4 | 2016.3.4 |
| saltstack | salt | >= 2016.3.0 < 2016.3.4 | 2016.3.4 |
| saltstack | salt | >= 2016.3.0 < 2016.11.5 | 2016.11.5 |
| saltstack | salt | >= 2016.3.5 < 2016.3.6 | 2016.3.6 |
| saltstack | salt | >= 2016.3.5 < 2016.3.6 | 2016.3.6 |
| saltstack | salt | >= 2016.3.7 < 2016.3.8 | 2016.3.8 |
| saltstack | salt | >= 2016.3.7 < 2016.3.8 | 2016.3.8 |
Detection & IOCs (extracted from sources)
- The vulnerable component is the Jinja renderer in SaltStack Salt; monitor for server-side template injection payloads delivered through Salt's Jinja rendering pipeline.
- Flag any Salt installations running versions prior to 3002.5 as vulnerable to SSTI via the Jinja renderer.
- Red Hat Ceph Storage 2 ships the affected salt package but will NOT receive a fix, as Salt was deprecated in RHCS 2.5 and RHSCON-2 has reached End of Life.
- The highest threat is to data confidentiality, integrity, and system availability; treat successful exploitation as full system compromise.
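CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |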
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2024-08-08·CVSS 9.8
CVE-2020-16846 [CRITICAL] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2020-16846)
It was discovered that Salt incorrectly created certificates with weak
file permissions. (CVE-2020-17490)
It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2020-25592)
It was discovered that Salt incorrectly handled crafted process names.
An attacker could possibly use this issue to run arbitrary commands.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)
It was discovered that Salt incorrectly handled validation of SSL/TLS
certificates.
Red Hat
salt: Jinja renderer does not protect against server-side template injection attacks
vendor_redhat·2021-02-25·CVSS 9.8
CVE-2021-25283 [CRITICAL] CWE-94 salt: Jinja renderer does not protect against server-side template injection attacks
An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
A flaw was found in Salt. The jinja renderer does not protect against server-side template injection attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement: Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.
Package: salt (Red Hat Ceph Storage 2) - Will not fix
OSV
salt vulnerabilities
osv·2024-08-08·CVSS 9.8
CVE-2020-16846 [CRITICAL] salt vulnerabilities
It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2020-16846)
It was discovered that Salt incorrectly created certificates with weak
file permissions. (CVE-2020-17490)
It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2020-25592)
It was discovered that Salt incorrectly handled crafted process names.
An attacker could possibly use this issue to run arbitrary commands.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)
It was discovered that Salt incorrectly handled validation of SSL/TLS
certificates. A remote attacker could possibly use this issue to spoof
a t
OSV
SaltStack Salt Server Side Template Injection
osv·2022-05-24
CVE-2021-25283 [CRITICAL] SaltStack Salt Server Side Template Injection
An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
GHSA
SaltStack Salt Server Side Template Injection
ghsa·2022-05-24
CVE-2021-25283 [CRITICAL] CWE-94 SaltStack Salt Server Side Template Injection
An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
OSV
CVE-2021-25283: An issue was discovered in SaltStack Salt before 3002
osv·2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/saltstack/salt/releases
- https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
- https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
- https://security.gentoo.org/glsa/202103-01
- https://security.gentoo.org/glsa/202310-22
- https://www.debian.org/security/2021/dsa-5011