CVE-2021-21996

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21996
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21996.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21996
Aliases
Downstream
Related
Published
2021-09-08T15:15:12.670Z
Modified
2026-04-02T06:46:48.296101Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3c609c16ee0454217f339e987c03eaf61662a853
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3000.3"
        }
    ]
}

Affected versions

old-branch-0.*
old-branch-0.11
old-branch-0.12
old-branch-0.13
old-branch-0.14
old-branch-0.15
old-branch-0.16
old-branch-0.17
old-branch-2014.*
old-branch-2014.1
old-branch-2014.7
old-branch-2015.*
old-branch-2015.5
old-branch-2015.8
old-branch-2016.*
old-branch-2016.11
old-branch-2016.3
old-branch-2017.*
old-branch-2017.7
old-branch-2017.7.9
old-branch-2019.*
old-branch-2019.2.3
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.90
v0.16
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17
v0.17.0
v0.17.0rc1
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v2014.*
v2014.1
v2014.1.0
v2014.1.0rc1
v2014.1.0rc2
v2014.1.0rc3
v2014.1.1
v2014.1.10
v2014.1.11
v2014.1.12
v2014.1.13
v2014.1.2
v2014.1.3
v2014.1.4
v2014.1.5
v2014.1.6
v2014.1.7
v2014.1.8
v2014.1.9
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2014.7.9
v2015.*
v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.10
v2015.5.11
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.10
v2015.8.11
v2015.8.12
v2015.8.13
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.5
v2015.8.6
v2015.8.7
v2015.8.8
v2015.8.8.2
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.10
v2016.11.2
v2016.11.3
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.7
v2016.11.8
v2016.11.9
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.3.5
v2016.3.6
v2016.3.7
v2016.3.8
v2016.9
v2017.*
v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2017.7.1
v2017.7.2
v2017.7.3
v2017.7.4
v2017.7.5
v2017.7.6
v2017.7.7
v2017.7.8
v2018.*
v2018.11
v2018.2
v2018.3
v2018.3.0
v2018.3.0rc1
v2018.3.1
v2018.3.2
v2018.3.3
v2018.3.4
v2018.3.5
v2018.3.5_docs
v2019.*
v2019.2
v2019.2.0
v2019.2.0rc1
v2019.2.0rc2
v2019.2.1
v2019.2.1rc1
v2019.2.2
v2019.2.2.2
v2019.2.2.3
v2019.2.2_docs
v2019.2.3
v2019.2.3_docs
v2019.2.4
v2019.2.4_docs
v2019.2.5
v2019.2.6
v2019.2.7
v2019.2.8
v2019.8
Other
v3000
v3000_docs
v3001
v3001rc1
v3002
v3002rc1
v3003
v3003_docs
v3003rc1
v3004
v3004_docs
v3004rc1
v3005
v3005rc1
v3005rc2
v3000.*
v3000.0rc1
v3000.0rc2
v3000.1
v3000.2
v3000.2_docs
v3001.*
v3001.1
v3001.1_docs
v3001.2
v3001.3
v3001.3_docs
v3001.4
v3001.5
v3001.6
v3001.6_docs
v3001.7
v3001.8
v3002.*
v3002.1
v3002.2
v3002.3
v3002.4
v3002.5
v3002.6
v3002.7
v3002.8
v3002.9
v3003.*
v3003.1
v3003.2
v3003.3
v3003.4
v3003.5
v3004.*
v3004.1
v3004.2
v3005.*
v3005.1
v3005.1-2
v3005.1-3
v3005.1-4
v3005.2
v3005.3
v3005.4
v3005.5
v3006.*
v3006.0
v3006.0rc1
v3006.0rc2
v3006.0rc3
v3006.1
v3006.10
v3006.11
v3006.12
v3006.13
v3006.14
v3006.15
v3006.16
v3006.17
v3006.18
v3006.19
v3006.2
v3006.20
v3006.21
v3006.22
v3006.23
v3006.3
v3006.3_docs
v3006.4
v3006.5
v3006.6
v3006.7
v3006.8
v3006.9
v3007.*
v3007.0
v3007.0rc1
v3007.1
v3007.10
v3007.11
v3007.12
v3007.13
v3007.2
v3007.3
v3007.4
v3007.5
v3007.6
v3007.7
v3007.8
v3007.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21996.json"