CVE-2021-25315

Summary

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Server 15 SP 3salt < 3002.2-3affected
openSUSETumbleweedsalt <= 3002.2-2.1affected

Weaknesses

  • CWE-287: CWE - CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References