CVE-2021-21996 in Ubuntu

CVE-2021-21996

Priority

Description

An issue was discovered in SaltStack Salt before 3003.3. A user who has
control of the source, and source_hash URLs can gain full file system
access as root on a salt minion.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21996
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Notes

Package

Source: salt (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:52:21 UTC (commit ecc1009cb19540b950de59270950018900f37f15)