CVE-2021-31607

moderate-risk

Published 2021-04-23

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Do I need to act?

4.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (4)

Salt

Fedora

Affected Vendors

Fedoraproject Saltstack

References (16)

Mailing List https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/

Third Party Advisory https://security.gentoo.org/glsa/202310-22

Third Party Advisory https://www.debian.org/security/2021/dsa-5011

Mailing List https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/

Third Party Advisory https://security.gentoo.org/glsa/202310-22

Third Party Advisory https://www.debian.org/security/2021/dsa-5011

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 8/34 · Low

Exposure 10/34 · Low