---

CVE-2021-25282 - log back

CVE-2021-25282 edited at 27 Feb 2021 09:18:05
Description	- An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. + An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

CVE-2021-25282 edited at 27 Feb 2021 09:16:41

Description

- A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Unauthorized access to wheel_async through the salt-api can execute arbitrary code/commands. + An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

CVE-2021-25282 edited at 26 Feb 2021 13:32:02
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Directory traversal
Description	+ A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Unauthorized access to wheel_async through the salt-api can execute arbitrary code/commands.
References	+ https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
Notes

CVE-2021-25282 created at 26 Feb 2021 13:09:24