Home CVE Database CVE-2021-31607

CVE-2021-31607

Description

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Priority: MEDIUM
CVSS v3: 7.8
Publish Date: Apr 23, 2021
Related ID: --
CVSS v2: HIGH
Modified Date: Apr 23, 2021

Find out more about CVE-2021-31607 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Won't Fix -- -- --
Wind River Linux 8 Legacy -- -- --
Wind River Linux 9 Legacy -- -- --
Wind River Linux 7 Not Vulnerable -- -- --
Wind River Linux LTS 18 Won't Fix -- -- --
Wind River Linux LTS 19 Won't Fix -- -- --
Wind River Linux CD release Won't Fix -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Comments

salt

Live chat
Online