Enhancement: cves/2021/CVE-2021-25281.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-17 15:11:14 -04:00
parent 6cfe59205f
commit 3538d5c96d
1 changed files with 1 additions and 1 deletions

@ -4,7 +4,7 @@ info:
name: SaltStack Salt <3002.5 - Auth Bypass name: SaltStack Salt <3002.5 - Auth Bypass
author: madrobot author: madrobot
severity: critical severity: critical
description: SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. description: SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.
reference: reference:
- http://hackdig.com/02/hack-283902.htm - http://hackdig.com/02/hack-283902.htm
- https://dozer.nz/posts/saltapi-vulns - https://dozer.nz/posts/saltapi-vulns
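
Review bot: The reworded description line still says "run any wheel modules", which should be singular: "run any wheel module on the master". Since the template name calls this an "Auth Bypass", the description could also say outright that no valid eauth credentials are needed, for example "allowing unauthenticated attackers to remotely run any wheel module on the master". Separately, the first reference in the unchanged context is a plain http:// link; it is worth checking whether an https URL is available for it.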