Vulnerability-Lookup

CVE-2021-25284 (GCVE-0-2021-25284)

Vulnerability from cvelistv5 – Published: 2021-02-27 00:00 – Updated: 2024-08-03 19:56

Summary

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-R55W-XPH5-XVX2

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-23 18:25

Summary

SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod

Details

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2017.5.0"
            },
            {
              "fixed": "2017.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2018.2.0"
            },
            {
              "last_affected": "2018.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T21:17:02Z",
    "nvd_published_at": "2021-02-27T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in through SaltStack Salt before 3002.5. `salt.modules.cmdmod` can log credentials to the info or error log level.",
  "id": "GHSA-r55w-xph5-xvx2",
  "modified": "2024-10-23T18:25:59Z",
  "published": "2022-05-24T17:43:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25284"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5011"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "type": "WEB",
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L37"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saltstack/salt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod "
}

CERTFR-2021-AVI-154

Vulnerability from certfr_avis - Published: 2021-03-02 - Updated: 2021-03-02

De multiples vulnérabilités ont été découvertes dans SaltStack. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Salt versions antérieures à 3002.5, 3001.6 ou 3000.8

References

Title

Publication Time

GSD-2021-25284

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Aliases

CVE-2021-25284

Aliases

CVE-2021-25284

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-25284",
    "description": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.",
    "id": "GSD-2021-25284",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-25284.html",
      "https://www.debian.org/security/2021/dsa-5011",
      "https://security.archlinux.org/CVE-2021-25284"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-25284"
      ],
      "details": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.",
      "id": "GSD-2021-25284",
      "modified": "2023-12-13T01:23:21.802461Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-25284",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/saltstack/salt/releases",
            "refsource": "MISC",
            "url": "https://github.com/saltstack/salt/releases"
          },
          {
            "name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
            "refsource": "CONFIRM",
            "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
          },
          {
            "name": "FEDORA-2021-904a2dbc0c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
          },
          {
            "name": "FEDORA-2021-5756fbf8a6",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
          },
          {
            "name": "FEDORA-2021-43eb5584ad",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/"
          },
          {
            "name": "GLSA-202103-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202103-01"
          },
          {
            "name": "[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
          },
          {
            "name": "DSA-5011",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-5011"
          },
          {
            "name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
          },
          {
            "name": "GLSA-202310-22",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202310-22"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2015.8.13||\u003e=2016.3.0,\u003c2016.11.5||\u003e=2016.11.7,\u003c2016.11.10||\u003e=2017.5.0,\u003c2017.7.8|| \u003e=2018.2.0,\u003c=2018.3.5||\u003e=2019.2.0,\u003c2019.2.8||\u003e=3000,\u003c3000.6||\u003e=3001,\u003c3001.4||\u003e=3002,\u003c3002.5",
          "affected_versions": "All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.11.5, all versions starting from 2016.11.7 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 up to 2018.3.5, all versions starting from 2019.2.0 before 2019.2.8, all versions starting from 3000 before 3000.6, all versions starting from 3001 before 3001.4, all versions starting from 3002 before 3002.5",
          "cvss_v2": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-532",
            "CWE-937"
          ],
          "date": "2022-07-12",
          "description": "An issue was discovered in SaltStack Salt\u0027s `salt.modules.cmdmod` due to logging credentials at the info or error log level.",
          "fixed_versions": [
            "2015.8.13",
            "2016.11.5",
            "2016.11.10",
            "2017.7.8",
            "2019.2.8",
            "3000.6",
            "3001.4",
            "3002.5"
          ],
          "identifier": "CVE-2021-25284",
          "identifiers": [
            "CVE-2021-25284"
          ],
          "not_impacted": "All versions starting from 2015.8.13 before 2016.3.0, all versions starting from 2016.11.5 before 2016.11.7, all versions starting from 2016.11.10 before 2017.5.0, all versions starting from 2017.7.8 before 2018.2.0, all versions after 2018.3.5 before 2019.2.0, all versions starting from 2019.2.8 before 3000, all versions starting from 3000.6 before 3001, all versions starting from 3001.4 before 3002, all versions starting from 3002.5",
          "package_slug": "pypi/salt",
          "pubdate": "2021-02-27",
          "solution": "Upgrade to versions 2015.8.13, 2016.11.5, 2016.11.10, 2017.7.8, 2019.2.8, 3000.6, 3001.4, 3002.5 or above.",
          "title": "Cleartext Storage of Sensitive Information",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-25284",
            "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
          ],
          "uuid": "11ef4a62-fee5-46d6-a1a0-dabc53888e9e"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F9405E3-F2B0-41BA-A39D-61BB38475A59",
                    "versionEndExcluding": "2015.8.10",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A35C23D3-82D4-46E7-BF08-9229C04C0C3D",
                    "versionEndExcluding": "2015.8.13",
                    "versionStartIncluding": "2015.8.11",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B4741BD5-4C40-48BC-A2C1-E6AB33818201",
                    "versionEndExcluding": "2016.3.4",
                    "versionStartIncluding": "2016.3.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7D28A2B5-316A-45DC-AC85-A0F743C4B3C4",
                    "versionEndExcluding": "2016.3.6",
                    "versionStartIncluding": "2016.3.5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "17C96153-85C1-45DC-A48B-46A3900246E2",
                    "versionEndExcluding": "2016.3.8",
                    "versionStartIncluding": "2016.3.7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "67FBC561-336A-4F25-B347-C4CA029B6E30",
                    "versionEndExcluding": "2016.11.3",
                    "versionStartIncluding": "2016.3.9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A5E17739-655C-4FAC-A73B-985132B32C73",
                    "versionEndExcluding": "2016.11.5",
                    "versionStartIncluding": "2016.11.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "11D84847-0C8A-473A-9186-46FABD7BB59A",
                    "versionEndExcluding": "2016.11.10",
                    "versionStartIncluding": "2016.11.7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3721B047-2595-4E79-8FDD-B1224FC0DD2C",
                    "versionEndExcluding": "2017.7.8",
                    "versionStartIncluding": "2017.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB8FA088-6AAD-46DF-884C-7362CB4BE430",
                    "versionEndIncluding": "2018.3.5",
                    "versionStartIncluding": "2018.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7A2912C-7F48-465D-B7F2-93ECD0D0CB74",
                    "versionEndExcluding": "2019.2.5",
                    "versionStartIncluding": "2019.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "40369149-A5C3-4759-844F-3510559397C5",
                    "versionEndExcluding": "2019.2.8",
                    "versionStartIncluding": "2019.2.6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "906D2835-186A-455E-84EB-E982564B9CBD",
                    "versionEndExcluding": "3000.6",
                    "versionStartIncluding": "3000",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5F0E0DA3-49F7-4938-9FBD-F3680B1BDBB6",
                    "versionEndExcluding": "3001.4",
                    "versionStartIncluding": "3001",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6B757DF0-6490-4FE7-9C98-5D8C700A4377",
                    "versionEndExcluding": "3002.5",
                    "versionStartIncluding": "3002",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                    "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level."
          },
          {
            "lang": "es",
            "value": "Se detect\u00f3 un problema por medio de SaltStack Salt versiones anteriores a 3002.5.\u0026#xa0;salt.modules.cmdmod puede registrar credenciales para el nivel de registro de informaci\u00f3n o error"
          }
        ],
        "id": "CVE-2021-25284",
        "lastModified": "2023-12-21T18:23:44.710",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 3.4,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-02-27T05:15:14.037",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://github.com/saltstack/salt/releases"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.gentoo.org/glsa/202103-01"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.gentoo.org/glsa/202310-22"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5011"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-522"
              },
              {
                "lang": "en",
                "value": "CWE-532"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

PYSEC-2021-53

Vulnerability from pysec - Published: 2021-02-27 05:15 - Updated: 2021-03-31 14:15

Details

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Impacted products

Name	purl
salt	pkg:pypi/salt

Aliases

CVE-2021-25284

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt",
        "purl": "pkg:pypi/salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.10"
            },
            {
              "introduced": "2015.8.11"
            },
            {
              "fixed": "2015.8.13"
            },
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.3.4"
            },
            {
              "introduced": "2016.3.5"
            },
            {
              "fixed": "2016.3.6"
            },
            {
              "introduced": "2016.3.7"
            },
            {
              "fixed": "2016.3.8"
            },
            {
              "introduced": "2016.11.0"
            },
            {
              "fixed": "2016.11.3"
            },
            {
              "introduced": "2016.11.4"
            },
            {
              "fixed": "2016.11.5"
            },
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            },
            {
              "introduced": "2017.7.0"
            },
            {
              "fixed": "2017.7.8"
            },
            {
              "introduced": "2018.3.0rc1"
            },
            {
              "fixed": "2019.2.0rc1"
            },
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.5"
            },
            {
              "introduced": "2019.2.6"
            },
            {
              "fixed": "2019.2.8"
            },
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.6"
            },
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.4"
            },
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.8.7",
        "0.8.9",
        "0.9.0",
        "0.9.1",
        "0.9.2",
        "0.9.3",
        "0.9.4",
        "0.9.5",
        "0.9.6",
        "0.9.7",
        "0.9.8",
        "0.9.9",
        "0.9.9.1",
        "0.10.0",
        "0.10.1",
        "0.10.2",
        "0.10.3",
        "0.10.4",
        "0.10.5",
        "0.11.0",
        "0.11.1",
        "0.12.0",
        "0.12.1",
        "0.13.0",
        "0.13.1",
        "0.13.2",
        "0.13.3",
        "0.14.0",
        "0.14.1",
        "0.15.0",
        "0.15.1",
        "0.15.2",
        "0.15.3",
        "0.15.90",
        "0.16.0",
        "0.16.1",
        "0.16.2",
        "0.16.3",
        "0.16.4",
        "0.17.0rc1",
        "0.17.0",
        "0.17.1",
        "0.17.2",
        "0.17.3",
        "0.17.4",
        "0.17.5",
        "2014.1.0rc1",
        "2014.1.0rc2",
        "2014.1.0rc3",
        "2014.1.0",
        "2014.1.1",
        "2014.1.2",
        "2014.1.3",
        "2014.1.4",
        "2014.1.5",
        "2014.1.6",
        "2014.1.7",
        "2014.1.8",
        "2014.1.9",
        "2014.1.10",
        "2014.1.11",
        "2014.1.12",
        "2014.1.13",
        "2014.7.0rc1",
        "2014.7.0rc2",
        "2014.7.0rc3",
        "2014.7.0rc4",
        "2014.7.0rc5",
        "2014.7.0rc6",
        "2014.7.0rc7",
        "2014.7.0",
        "2014.7.1",
        "2014.7.2",
        "2014.7.3",
        "2014.7.4",
        "2014.7.5",
        "2014.7.6",
        "2014.7.7",
        "2015.2.0rc1",
        "2015.2.0rc2",
        "2015.5.0",
        "2015.5.1",
        "2015.5.2",
        "2015.5.3",
        "2015.5.4",
        "2015.5.5",
        "2015.5.6",
        "2015.5.7",
        "2015.5.8",
        "2015.5.9",
        "2015.5.10",
        "2015.5.11",
        "2015.8.0rc1",
        "2015.8.0rc2",
        "2015.8.0rc3",
        "2015.8.0rc4",
        "2015.8.0rc5",
        "2015.8.0",
        "2015.8.1",
        "2015.8.2",
        "2015.8.3",
        "2015.8.4",
        "2015.8.5",
        "2015.8.7",
        "2015.8.8",
        "2015.8.8.2",
        "2015.8.9",
        "2015.8.11",
        "2015.8.12",
        "2016.3.0",
        "2016.3.1",
        "2016.3.2",
        "2016.3.3",
        "2016.3.5",
        "2016.3.7",
        "2016.11.0",
        "2016.11.1",
        "2016.11.2",
        "2016.11.4",
        "2016.11.7",
        "2016.11.8",
        "2016.11.9",
        "2017.7.0",
        "2017.7.1",
        "2017.7.2",
        "2017.7.3",
        "2017.7.4",
        "2017.7.5",
        "2017.7.6",
        "2017.7.7",
        "2018.3.0rc1",
        "2018.3.0",
        "2018.3.1",
        "2018.3.2",
        "2018.3.3",
        "2018.3.4",
        "2018.3.5",
        "2019.2.0",
        "2019.2.1",
        "2019.2.2",
        "2019.2.3",
        "2019.2.4",
        "2019.2.6",
        "2019.2.7",
        "3000",
        "3000.1",
        "3000.2",
        "3000.3",
        "3000.4",
        "3000.5",
        "3001",
        "3001.1",
        "3001.2",
        "3001.3",
        "3002",
        "3002.1",
        "3002.2",
        "3002.3",
        "3002.4"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25284"
  ],
  "details": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.",
  "id": "PYSEC-2021-53",
  "modified": "2021-03-31T14:15:00Z",
  "published": "2021-02-27T05:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "type": "WEB",
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/202103-01"
    }
  ]
}

CNVD-2021-15044

Vulnerability from cnvd - Published: 2021-03-08

Title

SaltStack Salt存在未明漏洞（CNVD-2021-15044）

Description

SaltStack Salt是SaltStack（Saltstack）公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 3002.5之前版本存在安全漏洞，该漏洞源于可以将凭据记录到info或error日志级别。目前没有详细的漏洞细节提供。

Severity

低

Patch Name

SaltStack Salt存在未明漏洞（CNVD-2021-15044）的补丁

Patch Description

SaltStack Salt是SaltStack（Saltstack）公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 3002.5之前版本存在安全漏洞，该漏洞源于可以将凭据记录到info或error日志级别。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

Reference

https://github.com/saltstack/salt/releases

Impacted products

Name
SaltStack SaltStack Salt <3002.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-25284",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25284"
    }
  },
  "description": "SaltStack Salt\u662fSaltStack\uff08Saltstack\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8e\u7ba1\u7406\u57fa\u7840\u67b6\u6784\u7684\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u914d\u7f6e\u7ba1\u7406\u3001\u8fdc\u7a0b\u6267\u884c\u7b49\u529f\u80fd\u3002\n\nSaltStack Salt 3002.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53ef\u4ee5\u5c06\u51ed\u636e\u8bb0\u5f55\u5230info\u6216error\u65e5\u5fd7\u7ea7\u522b\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-15044",
  "openTime": "2021-03-08",
  "patchDescription": "SaltStack Salt\u662fSaltStack\uff08Saltstack\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8e\u7ba1\u7406\u57fa\u7840\u67b6\u6784\u7684\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u914d\u7f6e\u7ba1\u7406\u3001\u8fdc\u7a0b\u6267\u884c\u7b49\u529f\u80fd\u3002\r\n\r\nSaltStack Salt 3002.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53ef\u4ee5\u5c06\u51ed\u636e\u8bb0\u5f55\u5230info\u6216error\u65e5\u5fd7\u7ea7\u522b\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SaltStack Salt\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15044\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "SaltStack SaltStack Salt \u003c3002.5"
  },
  "referenceLink": "https://github.com/saltstack/salt/releases",
  "serverity": "\u4f4e",
  "submitTime": "2021-03-05",
  "title": "SaltStack Salt\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15044\uff09"
}

FKIE_CVE-2021-25284

Vulnerability from fkie_nvd - Published: 2021-02-27 05:15 - Updated: 2024-11-21 05:54

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

References

URL	Tags
cve@mitre.org	https://github.com/saltstack/salt/releases	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/	Mailing List, Third Party Advisory
cve@mitre.org	https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202103-01	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202310-22	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-5011	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/saltstack/salt/releases	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202103-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202310-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5011	Third Party Advisory

Impacted products

Vendor	Product	Version
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
saltstack	salt	*
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9405E3-F2B0-41BA-A39D-61BB38475A59",
              "versionEndExcluding": "2015.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35C23D3-82D4-46E7-BF08-9229C04C0C3D",
              "versionEndExcluding": "2015.8.13",
              "versionStartIncluding": "2015.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4741BD5-4C40-48BC-A2C1-E6AB33818201",
              "versionEndExcluding": "2016.3.4",
              "versionStartIncluding": "2016.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D28A2B5-316A-45DC-AC85-A0F743C4B3C4",
              "versionEndExcluding": "2016.3.6",
              "versionStartIncluding": "2016.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C96153-85C1-45DC-A48B-46A3900246E2",
              "versionEndExcluding": "2016.3.8",
              "versionStartIncluding": "2016.3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FBC561-336A-4F25-B347-C4CA029B6E30",
              "versionEndExcluding": "2016.11.3",
              "versionStartIncluding": "2016.3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E17739-655C-4FAC-A73B-985132B32C73",
              "versionEndExcluding": "2016.11.5",
              "versionStartIncluding": "2016.11.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D84847-0C8A-473A-9186-46FABD7BB59A",
              "versionEndExcluding": "2016.11.10",
              "versionStartIncluding": "2016.11.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3721B047-2595-4E79-8FDD-B1224FC0DD2C",
              "versionEndExcluding": "2017.7.8",
              "versionStartIncluding": "2017.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8FA088-6AAD-46DF-884C-7362CB4BE430",
              "versionEndIncluding": "2018.3.5",
              "versionStartIncluding": "2018.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A2912C-7F48-465D-B7F2-93ECD0D0CB74",
              "versionEndExcluding": "2019.2.5",
              "versionStartIncluding": "2019.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40369149-A5C3-4759-844F-3510559397C5",
              "versionEndExcluding": "2019.2.8",
              "versionStartIncluding": "2019.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "906D2835-186A-455E-84EB-E982564B9CBD",
              "versionEndExcluding": "3000.6",
              "versionStartIncluding": "3000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0E0DA3-49F7-4938-9FBD-F3680B1BDBB6",
              "versionEndExcluding": "3001.4",
              "versionStartIncluding": "3001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B757DF0-6490-4FE7-9C98-5D8C700A4377",
              "versionEndExcluding": "3002.5",
              "versionStartIncluding": "3002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema por medio de SaltStack Salt versiones anteriores a 3002.5.\u0026#xa0;salt.modules.cmdmod puede registrar credenciales para el nivel de registro de informaci\u00f3n o error"
    }
  ],
  "id": "CVE-2021-25284",
  "lastModified": "2024-11-21T05:54:40.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-27T05:15:14.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        },
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-25284 (GCVE-0-2021-25284)

GHSA-R55W-XPH5-XVX2

CERTFR-2021-AVI-154

Solution

GSD-2021-25284

PYSEC-2021-53

CNVD-2021-15044

FKIE_CVE-2021-25284

Tags

Sightings

Nomenclature