CVE-2021-31607 (High) detected in salt-3002.2.tar.gz
mend-for-github-com opened this issue · 1 comments
CVE-2021-31607 - High Severity Vulnerability
Vulnerable Library - salt-3002.2.tar.gz
Portable, distributed, remote execution and configuration management system
Library home page: https://files.pythonhosted.org/packages/b5/45/a20ff8a3cad48b50a924ee9c65f2df0e214de4fa282c4feef2e1d6a0b886/salt-3002.2.tar.gz
Path to dependency file: cortx-prvsnr/api/python
Path to vulnerable library: /api/python,/api/python/provisioner/commands/configure,/lr-cli
Dependency Hierarchy:
- ❌ salt-3002.2.tar.gz (Vulnerable Library)
Found in HEAD commit: 826740195db179166528d1595f1f978d08c02163
Found in base branch: main
Vulnerability Details
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Publish Date: 2021-04-23
URL: CVE-2021-31607
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/PYSEC-2021-56
Release Date: 2021-04-23
Fix Resolution: salt - 3003rc1
⛑️ Automatic Remediation is available for this issue
For the convenience of the Seagate development team, this issue has been mirrored in a private Seagate Jira Server: https://jts.seagate.com/browse/CORTX-31677. Note that community members will not be able to access that Jira server but that is not a problem since all activity in that Jira mirror will be copied into this GitHub issue.