{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-31607","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-03T23:03:33.642Z","dateReserved":"2021-04-23T00:00:00.000Z","datePublished":"2021-04-23T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-10-31T13:06:42.625Z"},"descriptions":[{"lang":"en","value":"In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely)."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/"},{"name":"FEDORA-2021-5aaebdae8e","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/"},{"name":"FEDORA-2021-00ada7e667","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/"},{"name":"FEDORA-2021-93a7c8b7c6","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/"},{"name":"FEDORA-2021-158e9c6eb9","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/"},{"name":"[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"},{"name":"DSA-5011","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2021/dsa-5011"},{"name":"GLSA-202310-22","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202310-22"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:03:33.642Z"},"title":"CVE Program Container","references":[{"url":"https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/","tags":["x_transferred"]},{"name":"FEDORA-2021-5aaebdae8e","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/"},{"name":"FEDORA-2021-00ada7e667","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/"},{"name":"FEDORA-2021-93a7c8b7c6","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/"},{"name":"FEDORA-2021-158e9c6eb9","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/"},{"name":"[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"},{"name":"DSA-5011","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-5011"},{"name":"GLSA-202310-22","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202310-22"}]}]}}