CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type

GIT

Repo

https://github.com/saltstack/salt

Events

Introduced

f76dc0f9c06dd0690447a31544b7bd1fe7f5765a

Last affected

027263b794ac03a5953ac360d7205a69e643b19a

Database specific

{
    "versions": [
        {
            "introduced": "2016.9"
        },
        {
            "last_affected": "3002.6"
        }
    ]
}

Affected versions

v2016.*

v2016.11

v2016.9

v2017.*

v2017.5

v2017.7

v2018.*

v2018.11

v2018.2

v2018.3

v2019.*

v2019.2

v2019.2.1

v2019.2.1rc1

Other

v3000

v3000_docs

v3001

v3001rc1

v3002

v3002rc1

v3000.*

v3000.0rc1

v3000.0rc2

v3000.1

v3001.*

v3001.1

v3002.*

v3002.2

v3002.3

v3002.4

v3002.5

v3002.6

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31607.json"