—
PYSEC-2021-53
Details
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/saltstack/salt/releases [WEB]
- https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ [WEB]
- https://security.gentoo.org/glsa/202103-01 [ADVISORY]
- https://github.com/advisories/GHSA-r55w-xph5-xvx2 [ADVISORY]