Vulnerability Name:

CVE-2021-25315 (CCN-197700)

Assigned:2021-03-03
Published:2021-03-03
Updated:2023-06-22
Summary:
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-25315

Source: CCN
Type: Bugzilla - Bug 1182382
(CVE-2021-25315) VUL-0: CVE-2021-25315: salt: salt-api unauthenticated remote code exec

Source: meissner@suse.de
Type: Issue Tracking, Vendor Advisory
meissner@suse.de

Source: XF
Type: UNKNOWN
suse-cve202125315-code-exec(197700)

Source: CCN
Type: openSUSE Web site
salt package

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:opensuse:tumbleweed:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8092
    P
    		salt-transactional-update-3005.1-150500.2.13 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7784
    P
    		python3-salt-3005.1-150500.2.13 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8078
    P
    		gv-3.7.4-1.41 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7658
    P
    		librrd8-1.7.0-6.3.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7676
    P
    		libssh-config-0.9.6-150400.1.5 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7969
    P
    		libvpx4-1.6.1-150000.6.8.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:622
    P
    		Security update for bind (Important) (in QA)
    2022-09-23
    oval:org.opensuse.security:def:728
    P
    		Security update for php-composer2 (Important)
    2022-09-05
    oval:org.opensuse.security:def:3629
    P
    		Security update for python3 (Important)
    2022-07-11
    oval:org.opensuse.security:def:3181
    P
    		libgssglue1-0.4-3.76 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3522
    P
    		hardlink-1.0-6.38 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3444
    P
    		bind-9.11.2-3.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3537
    P
    		kdump-0.8.16-9.2 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94556
    P
    		gc-devel-7.6.4-1.16 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94811
    P
    		python3-salt-3004-150400.6.16 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95152
    P
    		salt-api-3004-150400.6.16 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95167
    P
    		salt-transactional-update-3004-150400.6.16 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:291
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:99486
    P
    		 (Important)
    2022-02-18
    oval:org.opensuse.security:def:113236
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:99685
    P
    		 (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:1220
    P
    		Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:106653
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:99993
    P
    		 (Moderate)
    2021-09-18
    oval:org.opensuse.security:def:63372
    P
    		salt-api-3002.2-6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2283
    P
    		salt-api-3002.2-6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101398
    P
    		salt-api-3002.2-6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62309
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101067
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72050
    P
    		python3-salt-3002.2-6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101269
    P
    		gradle-4.4.1-1.87 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:111594
    P
    		Security update for salt (Critical)
    2021-07-11
    oval:org.opensuse.security:def:111447
    P
    		Security update for salt (Critical)
    2021-06-23
    oval:org.opensuse.security:def:8984
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93750
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:92145
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:1570
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:107935
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:69167
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:100629
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:97123
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:102650
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:10106
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:98900
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:92934
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:42092
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:70246
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:68747
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:99651
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:73840
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:118407
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:9352
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:95937
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93964
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:92337
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:109316
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:69492
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:97124
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:102740
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:10287
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:99095
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:8608
    P
    		Security update for Salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93087
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93414
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:70427
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:68765
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:99965
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:76527
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:118502
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:9537
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:96050
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:94176
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:92536
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:109406
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:69677
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:97125
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:64533
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:102797
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:99287
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:8789
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93240
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:93570
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:91950
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:69058
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:100301
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:76545
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:118559
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:9736
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:96107
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:94387
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:92735
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:109463
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:69876
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:101459
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:64718
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:99388
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:73655
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:117450
    P
    		Security update for salt (Critical)
    2021-06-21
    BACK
    opensuse tumbleweed *