Lucene search

MitreCVE-2021-3144

HistoryFeb 27, 2021 - 5:15 a.m.

CVE-2021-3144

2021-02-2705:15:14

CWE-613

mitre

web.nvd.nist.gov

232

cve-2021-3144

saltstack

salt

eauth tokens

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.054

Percentile

93.2%

JSON

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

Affected configurations

Nvd

Node

saltstacksaltRange<2015.8.10

saltstacksaltRange2015.8.11–2015.8.13

saltstacksaltRange2016.3.0–2016.3.4

saltstacksaltRange2016.3.5–2016.3.6

saltstacksaltRange2016.3.7–2016.3.8

saltstacksaltRange2016.3.9–2016.11.3

saltstacksaltRange2016.11.4–2016.11.5

saltstacksaltRange2016.11.7–2016.11.10

saltstacksaltRange2017.5.0–2017.7.8

saltstacksaltRange2018.2.0–2018.3.5

saltstacksaltRange2019.2.0–2019.2.5

saltstacksaltRange2019.2.6–2019.2.8

saltstacksaltRange3000–3000.6

saltstacksaltRange3001–3001.4

saltstacksaltRange3002–3002.5

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

VendorProductVersionCPE
saltstacksalt*cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
saltstack	salt	*	cpe:2.3:a:saltstack:salt::::::::
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*