---

CVE-2021-25315 - log back

CVE-2021-25315 edited at 17 Mar 2021 11:29:27

Description

- An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. + An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue only affects SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3 as well as openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

CVE-2021-25315 edited at 11 Mar 2021 16:49:14
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Authentication bypass
Description	+ An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify valid credentials.
References	+ https://bugzilla.suse.com/show_bug.cgi?id=1182382 + https://bugzilla.suse.com/attachment.cgi?id=846239&action=diff
Notes

CVE-2021-25315 created at 11 Mar 2021 16:47:25