CVE-2021-31607
published 2021-04-23CVE-2021-31607: In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion…
PriorityP346high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
3.81%
88.7th percentile
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| saltstack | salt | >= 2016.11.0 < 3003rc1 | 3003rc1 |
| saltstack | salt | 2016.9 – 3002.6 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Command Injection in SaltStack Salt
ghsa·2022-05-24
CVE-2021-31607 [HIGH] CWE-77 Command Injection in SaltStack Salt
Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
OSV
Command Injection in SaltStack Salt
osv·2022-05-24
CVE-2021-31607 [HIGH] Command Injection in SaltStack Salt
Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
OSV
CVE-2021-31607: In SaltStack Salt 2016
osv·2021-04-23
CVE-2021-31607 CVE-2021-31607: In SaltStack Salt 2016
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Red Hat
salt: Command injection in the snapper module
vendor_redhat·2021-04-23·CVSS 7.8
CVE-2021-31607 [HIGH] CWE-77 salt: Command injection in the snapper module
salt: Command injection in the snapper module
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
A flaw was found in Salt. A command injection vulnerability occurs in the snapper module that allows local privilege escalation on a minion. This attack requires the creation of a file with a pathname that is backed up by snapper, with the master calling the snapper.diff function. Snapper.diff executes the popen unsafely. The highest threat from this vulnerability is to confidentiality, integrity, as well as system
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2021/11/msg00009.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/https://security.gentoo.org/glsa/202310-22https://www.debian.org/security/2021/dsa-5011https://lists.debian.org/debian-lts-announce/2021/11/msg00009.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/https://security.gentoo.org/glsa/202310-22https://www.debian.org/security/2021/dsa-5011
2021-04-23
Published