CVE-2021-22004

Summary

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.

Affected Software

VendorProductVersion RangeStatus
n/aSaltstack SaltSaltstack Salt (before 3003.3)affected

Weaknesses

  • Software manipulation

ADP Enrichment

CVE Program Container

Additional References

References