CVE-2021-21996

Summary

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Affected Software

VendorProductVersion RangeStatus
n/aSaltstack SaltSaltstack Salt (before 3003.3)affected

Weaknesses

  • File traversal attack

ADP Enrichment

CVE Program Container

Additional References

References