CVE-2021-25282 - log back

CVE-2021-25282 edited at 27 Feb 2021 09:18:05
Description
- An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
+ An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
CVE-2021-25282 edited at 27 Feb 2021 09:16:41
Description
- A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Unauthorized access to wheel_async through the salt-api can execute arbitrary code/commands.
+ An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
CVE-2021-25282 edited at 26 Feb 2021 13:32:02
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Directory traversal
Description
+ A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Unauthorized access to wheel_async through the salt-api can execute arbitrary code/commands.
References
+ https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
Notes
CVE-2021-25282 created at 26 Feb 2021 13:09:24