CVE-2021-25315 log

Source
Severity Medium
Remote No
Type Authentication bypass
Description
An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue only affects SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3 as well as openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
Group Package Affected Fixed Severity Status Ticket
AVG-1677 salt 3002.5-3 Medium Not affected
References
https://bugzilla.suse.com/show_bug.cgi?id=1182382
https://bugzilla.suse.com/attachment.cgi?id=846239&action=diff