[ SB 21.06 ] SaltStack RCE and multiple Vulns (CVE-2021-25282, CVE-2021-25281, CVE-2021-3197)

SaltStack has released an advisory announcing multiple critical vulnerabilities:

CVE-2021-3197
Impact: The salt-api's SSH client is vulnerable to shell injection: an attacker can smuggle a ProxyCommand option in via an argument or via the ssh_options field of an API request, and the command is then executed on the master.

CVE-2021-25281
Impact: The salt-api does not honor eauth credentials for the wheel_async client. An attacker can therefore remotely run any wheel module on the master without valid credentials.


Impact: Unauthorized access to wheel_async through the salt-api leads to arbitrary code or command execution on the master.

CVE-2021-25282
Impact: The wheel.pillar_roots.write method, reachable via the salt-api, is vulnerable to directory traversal, so files can be written outside the pillar root.

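The three issues above all arrive as salt-api requests, so a practical check is to triage the decoded request bodies (the "lowstate" dicts posted to salt-api's /run endpoint) for the patterns named in the advisory. The following is example code added to this bulletin, not SaltStack's own code. It assumes the request body has the usual lowstate keys (client, fun, tgt, arg, kwarg, ssh_options); the sample requests at the bottom are constructed for the demonstration, and the marker command in the ProxyCommand sample is harmless.

```python
"""Triage salt-api lowstate requests for the three issues in this bulletin.

Example code added to the bulletin; not SaltStack code. Assumes the caller
already has the decoded JSON body of a POST to salt-api /run, for instance
from a reverse proxy or WAF log in front of salt-api.
"""
import os
import re
from typing import Any, Iterator

# ssh(1) executes the value of ProxyCommand as a shell command, which is why
# letting an API caller supply it amounts to command execution on the master.
PROXY_RE = re.compile(r"ProxyCommand", re.IGNORECASE)


def _strings(obj: Any) -> Iterator[str]:
    """Yield every string nested anywhere inside a lowstate value."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from _strings(value)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from _strings(value)


def _escapes_root(path: str) -> bool:
    """True if a path is absolute or still contains a '..' segment after normalisation."""
    if os.path.isabs(path):
        return True
    return any(part == ".." for part in os.path.normpath(path).split(os.sep))


def triage(low: dict) -> list:
    """Return a list of finding strings for one lowstate request (empty = nothing flagged)."""
    findings = []
    client = str(low.get("client", ""))
    fun = str(low.get("fun", ""))

    # CVE-2021-3197: ssh client with ProxyCommand in ssh_options or in an argument
    if client == "ssh":
        if any(PROXY_RE.search(s) for s in _strings(low.get("ssh_options"))):
            findings.append("CVE-2021-3197: ProxyCommand in ssh_options")
        if any(PROXY_RE.search(s) for s in _strings([low.get("tgt"), low.get("arg"), low.get("kwarg")])):
            findings.append("CVE-2021-3197: ProxyCommand in request argument")

    # CVE-2021-25281: before the fix, wheel_async calls were not checked against eauth,
    # so any wheel_async request from an untrusted network is worth a look
    if client == "wheel_async":
        findings.append("CVE-2021-25281: wheel_async call (eauth not enforced before the fix)")

    # CVE-2021-25282: pillar_roots.write(data, path, saltenv) with a path that leaves the root.
    # The path is the second positional argument or the 'path' keyword argument.
    if client in ("wheel", "wheel_async") and fun == "pillar_roots.write":
        arg = low.get("arg") or []
        kwarg = low.get("kwarg") or {}
        path = kwarg.get("path") or (arg[1] if isinstance(arg, list) and len(arg) > 1 else "")
        if path and _escapes_root(str(path)):
            findings.append("CVE-2021-25282: pillar_roots.write path leaves the pillar root")

    return findings


# Constructed sample requests (not captured traffic) covering each case.
SAMPLE_REQUESTS = [
    # salt-ssh call smuggling a ProxyCommand option through ssh_options
    {"client": "ssh", "tgt": "*", "fun": "test.ping",
     "ssh_options": ["ProxyCommand=/usr/bin/touch /tmp/proxycommand-marker"],
     "eauth": "pam", "username": "saltuser", "password": "secret"},
    # wheel_async write with a traversing path and no eauth fields at all
    {"client": "wheel_async", "fun": "pillar_roots.write",
     "kwarg": {"data": "marker", "path": "../../../../tmp/traversal.txt"}},
    # ordinary authenticated execution request; nothing to flag
    {"client": "local", "tgt": "*", "fun": "test.ping",
     "eauth": "pam", "username": "saltuser", "password": "secret"},
]


if __name__ == "__main__":
    for low in SAMPLE_REQUESTS:
        print(low.get("client"), low.get("fun"), "->", triage(low) or "clean")
```

The wheel_async finding is deliberately noisy: on a patched master such requests are legitimate once authenticated, so in production you would pair it with a check that the request carried a valid token or eauth fields.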
Updates and patches are available in the following releases:

  • 3002.5
  • 3001.6
  • 3000.8

Questions? Contact: info@zero.bs