PT-2021-16500 · Saltstack+3 · Saltstack Salt+3

Published

2016-11-21

·

Updated

2024-08-08

·

CVE-2021-25284

CVSS v3.1

4.4

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5
Description: An issue was discovered in SaltStack Salt where salt.modules.cmdmod can log credentials to the info or error log level.
Recommendations: For versions prior to 3002.5, update to version 3002.5 or later to resolve the issue. As a temporary workaround, consider restricting log access to minimize the risk of credential exposure.

Fix

Insertion into Log File

Cleartext Storage of Sensitive Information

Insufficiently Protected Credentials

Weakness Enumeration

CWE-532CWE-312CWE-522

Related Identifiers

ALT-PU-2016-2317
ALT-PU-2017-2801
ALT-PU-2018-2416
ALT-PU-2019-2322
ALT-PU-2019-2359
ALT-PU-2021-1590
ALT-PU-2021-1591
ALT-PU-2021-1982
ALT-PU-2022-3218
CVE-2021-25284
DLA-2480-2
DLA-2815-1
DSA-5011-1
GHSA-R55W-XPH5-XVX2
OPENSUSE-SU-2021:0347-1
OPENSUSE-SU-2021_0347-1
PYSEC-2021-53
SUSE-RU-2021:0632-1
SUSE-RU-2021:0633-1
SUSE-SU-2021:0624-1
SUSE-SU-2021:0626-1
SUSE-SU-2021:0627-1
SUSE-SU-2021:0628-1
SUSE-SU-2021:0630-1
SUSE-SU-2021:0631-1
SUSE-SU-2021:0914-1
SUSE-SU-2021:0915-1
SUSE-SU-2021:14650-1
SUSE-SU-2021:1690-1
SUSE-SU-2021_14650-1
SUSE-SU-2021_14682-1
USN-6948-1

Affected Products

Alt Linux
Saltstack Salt
Suse
Ubuntu