CVE-2021-3144

CRITICAL9.1EPSS 5.5%

SaltStack Salt eauth tokens can be used once after expiration

Published: 5/24/2022Modified: 10/23/2024

Description

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

Affected packages (2)

  • PyPI/saltfrom 0, < 2015.8.13
  • PyPI/saltfrom 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1CRITICAL9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (23)