—

PYSEC-2021-56

Details

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 2016.11.0 Fixed in: 3003rc1

Fix pip install --upgrade 'salt>=3003rc1'

References

https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ [WEB]
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/ [WEB]
https://github.com/advisories/GHSA-hcjf-rp5h-g5h3 [ADVISORY]