CVE-2021-25315— salt-api unauthenticated remote code execution

salt-api unauthenticated remote code execution

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

认证机制不恰当

SUSE Linux Enterprise Server 授权问题漏洞

SUSE Linux Enterprise Server是德国SUSE公司的一套企业服务器版Linux操作系统。 SUSE Linux Enterprise Server 存在授权问题漏洞，攻击者可利用该漏洞通过salt执行任意代码，而不需要指定有效的凭证。以下产品及版本受到影响：SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2

N/A

N/A