---

CVE-2021-25284 - log back

CVE-2021-25284 edited at 27 Feb 2021 09:18:21
Description	- An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. + An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

CVE-2021-25284 edited at 27 Feb 2021 09:17:36
Description	- A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. Webutils write passwords in cleartext to /var/log/salt/minion. This issue is not present in a default configuration of Salt. + An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

CVE-2021-25284 edited at 26 Feb 2021 13:34:37
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Information disclosure
Description	+ A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. Webutils write passwords in cleartext to /var/log/salt/minion. This issue is not present in a default configuration of Salt.
References	+ https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
Notes

CVE-2021-25284 created at 26 Feb 2021 13:09:24