CVE-2021-22004 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Insufficient validation |
| Description | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2356 | salt | 3003.2-1 | 3003.3-1 | Medium | Not affected |
| References |
|---|
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ |