CVE-2021-31607
- Source
- https://cve.org/CVERecord?id=CVE-2021-31607
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31607.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31607
- Aliases
- Downstream
- Related
- Published
- 2021-04-23T06:15:07.893Z
- Modified
- 2026-04-02T06:50:52.819100Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
- https://security.gentoo.org/glsa/202310-22
- https://www.debian.org/security/2021/dsa-5011
- https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
- https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
Affected packages
Git / github.com/saltstack/salt
Affected versions
old-branch-2016.*
old-branch-2016.11
old-branch-2017.*
old-branch-2017.7
old-branch-2017.7.9
old-branch-2019.*
old-branch-2019.2.3
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.10
v2016.11.2
v2016.11.3
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.7
v2016.11.8
v2016.11.9
v2016.9
v2017.*
v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2017.7.1
v2017.7.2
v2017.7.3
v2017.7.4
v2017.7.5
v2017.7.6
v2017.7.7
v2017.7.8
v2018.*
v2018.11
v2018.2
v2018.3
v2018.3.0
v2018.3.0rc1
v2018.3.1
v2018.3.2
v2018.3.3
v2018.3.4
v2018.3.5
v2018.3.5_docs
v2019.*
v2019.2
v2019.2.0
v2019.2.0rc1
v2019.2.0rc2
v2019.2.1
v2019.2.1rc1
v2019.2.2
v2019.2.2.2
v2019.2.2.3
v2019.2.2_docs
v2019.2.3
v2019.2.3_docs
v2019.2.4
v2019.2.4_docs
v2019.2.5
v2019.2.6
v2019.2.7
v2019.2.8
v2019.8
Other
v3000
v3000_docs
v3001
v3001rc1
v3002
v3002rc1
v3003
v3003_docs
v3003rc1
v3004
v3004_docs
v3004rc1
v3005
v3005rc1
v3005rc2
v3000.*
v3000.0rc1
v3000.0rc2
v3000.1
v3000.2
v3000.2_docs
v3000.3
v3000.4
v3000.5
v3000.6
v3000.7
v3000.8
v3000.8_docs
v3000.9
v3001.*
v3001.1
v3001.1_docs
v3001.2
v3001.3
v3001.3_docs
v3001.4
v3001.5
v3001.6
v3001.6_docs
v3001.7
v3001.8
v3002.*
v3002.1
v3002.2
v3002.3
v3002.4
v3002.5
v3002.6
v3003.*
v3003.1
v3003.2
v3003.3
v3003.4
v3003.5
v3004.*
v3004.1
v3004.2
v3005.*
v3005.1
v3005.1-2
v3005.1-3
v3005.1-4
v3005.2
v3005.3
v3005.4
v3005.5
v3006.*
v3006.0
v3006.0rc1
v3006.0rc2
v3006.0rc3
v3006.1
v3006.10
v3006.11
v3006.12
v3006.13
v3006.14
v3006.15
v3006.16
v3006.17
v3006.18
v3006.19
v3006.2
v3006.20
v3006.21
v3006.22
v3006.23
v3006.3
v3006.3_docs
v3006.4
v3006.5
v3006.6
v3006.7
v3006.8
v3006.9
v3007.*
v3007.0
v3007.0rc1
v3007.1
v3007.10
v3007.11
v3007.12
v3007.13
v3007.2
v3007.3
v3007.4
v3007.5
v3007.6
v3007.7
v3007.8
v3007.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31607.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
}
]