AVG-1677 log
| Package | salt |
| Status | Not affected |
| Severity | Medium |
| Type | authentication bypass |
| Affected | 3002.5-3 |
| Fixed | Not affected |
| Current | Removed |
| Ticket | None |
| Created | Thu Mar 11 16:47:25 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-25315 | Medium | No | Authentication bypass | An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify... |
| References |
|---|
https://bugzilla.suse.com/show_bug.cgi?id=1182382#c16 |
| Notes |
|---|
According to the reference, "[t]he issue was caused by overlapping of [an] upstream patch and one of [SUSE's] patches" and "[u]pstream was not affected with this issue." |