Vulnerability Description
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saltstack | Salt | < 3002.2 |
| Opensuse | Tumbleweed | - |
| Suse | Suse Linux Enterprise Server | 15 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1182382Issue TrackingVendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1182382Issue TrackingVendor Advisory
FAQ
What is CVE-2021-25315?
CVE-2021-25315 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify ...
How severe is CVE-2021-25315?
CVE-2021-25315 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-25315?
Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt, Opensuse Tumbleweed, Suse Suse Linux Enterprise Server.