CVE-2021-25284 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Group Package Affected Fixed Severity Status Ticket
AVG-1624 salt 2019.2.7-1 3002.5-3 High Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-33 AVG-1624 salt High multiple issues
References
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/