CVE-2021-31607

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SaltStack Salt versions 2016.9 through 3002.6

Description The issue is related to a command injection vulnerability in the snapper module of SaltStack Salt, which can be exploited to achieve local privilege escalation on a minion. This can happen when a specially crafted file is created with a pathname that is backed up by snapper, and the master calls the snapper.diff function, which executes popen unsafely.

Recommendations For SaltStack Salt versions 2016.9 through 3002.6, consider disabling the snapper.diff function until a patch is available to prevent exploitation. Restrict access to the snapper module to minimize the risk of privilege escalation. Avoid using the snapper module for backup operations until the issue is resolved.

Exploit

Fix

LPE

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

ALT-PU-2021-1590

ALT-PU-2021-1982

ALT-PU-2021-2076

ALT-PU-2022-1683

ALT-PU-2022-3218

BDU:2022-00655

CVE-2021-31607

DLA-2815-1

DSA-5011-1

GHSA-HCJF-RP5H-G5H3

OPENSUSE-SU-2021:0899-1

OPENSUSE-SU-2021:1951-1

OPENSUSE-SU-2021:2106-1

OPENSUSE-SU-2021_0899-1

OPENSUSE-SU-2021_1951-1

OPENSUSE-SU-2021_2106-1

OPENSUSE-SU-2024:11364-1

PYSEC-2021-56

SUSE-SU-2021:14753-1

SUSE-SU-2021:1688-1

SUSE-SU-2021:1690-1

SUSE-SU-2021:1951-1

SUSE-SU-2021:2098-1

SUSE-SU-2021:2102-1

SUSE-SU-2021:2104-1

SUSE-SU-2021:2105-1

SUSE-SU-2021:2106-1

SUSE-SU-2021:2114-1

SUSE-SU-2021_14732-1

SUSE-SU-2021_14753-1

SUSE-SU-2021_1951-1

SUSE-SU-2021_2102-1

Affected Products

Alt Linux

Saltstack Salt

Suse

CVE-2021-31607

Weakness Enumeration

Related Identifiers

Affected Products

References · 123