CVE-2021-31607

CWE-78 — OS Command Injection CWE-77 — Command Injection6 documents5 sources

Severity

7.8HIGH

EPSS

4.5%

top 10.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt Fedoraproject Fedora

Timeline

PublishedApr 23

Latest updateMay 24

Description

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsaltstack/salt2016.9 — 3002.6

▶PyPIsalt2016.11.0 — 3003rc1

Also affects: Fedora 33, 34, 35

Patches

Patch: sec.stealthcopter.com ↗Patch: sec.stealthcopter.com ↗

🔴Vulnerability Details

GHSA

Command Injection in SaltStack Salt↗2022-05-24

▶

OSV

Command Injection in SaltStack Salt↗2022-05-24

▶

OSV

CVE-2021-31607: In SaltStack Salt 2016↗2021-04-23

▶

CVEList

CVE-2021-31607: In SaltStack Salt 2016↗2021-04-23

▶

📋Vendor Advisories

Red Hat

salt: Command injection in the snapper module↗2021-04-23

▶