AVG-1677 log

Package salt
Status Not affected
Severity Medium
Type authentication bypass
Affected 3002.5-3
Fixed Not affected
Current 3007.0-1 [extra]
Ticket None
Created Thu Mar 11 16:47:25 2021
Issue Severity Remote Type Description
CVE-2021-25315 Medium No Authentication bypass
An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify...
References
https://bugzilla.suse.com/show_bug.cgi?id=1182382#c16
Notes
According to the reference, "[t]he issue was caused by overlapping of [an] upstream patch and one of [SUSE's] patches" and "[u]pstream was not affected with this issue."