CVE-2021-25281

Source
Severity: High
Remote: Yes
Type: Access restriction bypass
Description
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Group     Package  Affected    Fixed     Severity  Status  Ticket
AVG-1624  salt     2019.2.7-1  3002.5-3  High      Fixed

Date         Advisory       Group     Package  Severity  Type
27 Feb 2021  ASA-202102-33  AVG-1624  salt     High      multiple issues
References
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/