CVE-2021-25315

Published: 03/03/2021 Updated: 22/06/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local malicious users to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions before 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Vulnerable Product

saltstack salt

Vendor Advisories

Debian Bug report logs - #985085 salt: CVE-2021-25315 Package: src:salt; Maintainer for src:salt is Debian Salt Team <pkg-salt-team@alioth-lists.debian.net>; Reported by: Elimar Riesebieter <riesebie@lxtec.de>; Date: Fri, 12 Mar 2021 18:51:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in version salt/3 ...
An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify valid credentials ...