Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

  • Published: Feb 27, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-3144
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.1
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
saltstack / salt 2019.2.0 2019.2.5
saltstack / salt 2016.3.7 2016.3.8
saltstack / salt 2016.11.7 2016.11.10
saltstack / salt 2016.3.5 2016.3.6
saltstack / salt 2015.8.11 2015.8.13
saltstack / salt 2016.3.0 2016.3.4
saltstack / salt - 2015.8.10
saltstack / salt 2016.3.9 2016.11.3
saltstack / salt 2016.11.4 2016.11.5
saltstack / salt 2017.5.0 2017.7.8
saltstack / salt 2018.2.0 2018.3.5.x
saltstack / salt 2019.2.6 2019.2.8
saltstack / salt 3000 3000.6
saltstack / salt 3001 3001.4
saltstack / salt 3002 3002.5
fedoraproject / fedora 32 32.x
fedoraproject / fedora 33 33.x
fedoraproject / fedora 34 34.x
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
debian / debian_linux 11.0 11.0.x