Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-31607 - log back

CVE-2021-31607 edited at 09 Sep 2021 12:08:53

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Privilege escalation

Description

+

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

References

+	https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Notes

CVE-2021-31607 created at 09 Sep 2021 12:07:31