CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.046

EPSS Ranking 88.6%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

Products affected by CVE-2021-31607

Saltstack » Salt » Version: 2016.11.0

cpe:2.3:a:saltstack:salt:2016.11.0
Saltstack » Salt » Version: 2016.11.1

cpe:2.3:a:saltstack:salt:2016.11.1
Saltstack » Salt » Version: 2016.11.10

cpe:2.3:a:saltstack:salt:2016.11.10
Saltstack » Salt » Version: 2016.11.2

cpe:2.3:a:saltstack:salt:2016.11.2
Saltstack » Salt » Version: 2016.11.3

cpe:2.3:a:saltstack:salt:2016.11.3
Saltstack » Salt » Version: 2016.11.4

cpe:2.3:a:saltstack:salt:2016.11.4
Saltstack » Salt » Version: 2016.11.5

cpe:2.3:a:saltstack:salt:2016.11.5
Saltstack » Salt » Version: 2016.11.6

cpe:2.3:a:saltstack:salt:2016.11.6
Saltstack » Salt » Version: 2016.11.7

cpe:2.3:a:saltstack:salt:2016.11.7
Saltstack » Salt » Version: 2016.11.8

cpe:2.3:a:saltstack:salt:2016.11.8
Saltstack » Salt » Version: 2016.11.9

cpe:2.3:a:saltstack:salt:2016.11.9
Saltstack » Salt » Version: 2017.5.0

cpe:2.3:a:saltstack:salt:2017.5.0
Saltstack » Salt » Version: 2017.7.0

cpe:2.3:a:saltstack:salt:2017.7.0
Saltstack » Salt » Version: 2017.7.1

cpe:2.3:a:saltstack:salt:2017.7.1
Saltstack » Salt » Version: 2017.7.2

cpe:2.3:a:saltstack:salt:2017.7.2
Saltstack » Salt » Version: 2017.7.3

cpe:2.3:a:saltstack:salt:2017.7.3
Saltstack » Salt » Version: 2017.7.4

cpe:2.3:a:saltstack:salt:2017.7.4
Saltstack » Salt » Version: 2017.7.5

cpe:2.3:a:saltstack:salt:2017.7.5
Saltstack » Salt » Version: 2017.7.6

cpe:2.3:a:saltstack:salt:2017.7.6
Saltstack » Salt » Version: 2017.7.7

cpe:2.3:a:saltstack:salt:2017.7.7
Saltstack » Salt » Version: 2017.7.8

cpe:2.3:a:saltstack:salt:2017.7.8
Saltstack » Salt » Version: 2017.7.9

cpe:2.3:a:saltstack:salt:2017.7.9
Saltstack » Salt » Version: 2018.11.0

cpe:2.3:a:saltstack:salt:2018.11.0
Saltstack » Salt » Version: 2018.2.0

cpe:2.3:a:saltstack:salt:2018.2.0
Saltstack » Salt » Version: 2018.3.0

cpe:2.3:a:saltstack:salt:2018.3.0
Saltstack » Salt » Version: 2018.3.1

cpe:2.3:a:saltstack:salt:2018.3.1
Saltstack » Salt » Version: 2018.3.2

cpe:2.3:a:saltstack:salt:2018.3.2
Saltstack » Salt » Version: 2018.3.3

cpe:2.3:a:saltstack:salt:2018.3.3
Saltstack » Salt » Version: 2018.3.4

cpe:2.3:a:saltstack:salt:2018.3.4
Saltstack » Salt » Version: 2018.3.5

cpe:2.3:a:saltstack:salt:2018.3.5
Saltstack » Salt » Version: 2019.2.0

cpe:2.3:a:saltstack:salt:2019.2.0
Saltstack » Salt » Version: 2019.2.1

cpe:2.3:a:saltstack:salt:2019.2.1
Saltstack » Salt » Version: 2019.2.2

cpe:2.3:a:saltstack:salt:2019.2.2
Saltstack » Salt » Version: 2019.2.3

cpe:2.3:a:saltstack:salt:2019.2.3
Saltstack » Salt » Version: 2019.2.4

cpe:2.3:a:saltstack:salt:2019.2.4
Saltstack » Salt » Version: 2019.2.5

cpe:2.3:a:saltstack:salt:2019.2.5
Saltstack » Salt » Version: 2019.2.6

cpe:2.3:a:saltstack:salt:2019.2.6
Saltstack » Salt » Version: 2019.2.7

cpe:2.3:a:saltstack:salt:2019.2.7
Saltstack » Salt » Version: 2019.2.8

cpe:2.3:a:saltstack:salt:2019.2.8
Saltstack » Salt » Version: 2019.8.0

cpe:2.3:a:saltstack:salt:2019.8.0
Saltstack » Salt » Version: 3000

cpe:2.3:a:saltstack:salt:3000
Saltstack » Salt » Version: 3000.0

cpe:2.3:a:saltstack:salt:3000.0
Saltstack » Salt » Version: 3000.1

cpe:2.3:a:saltstack:salt:3000.1
Saltstack » Salt » Version: 3000.13

cpe:2.3:a:saltstack:salt:3000.13
Saltstack » Salt » Version: 3000.2

cpe:2.3:a:saltstack:salt:3000.2
Saltstack » Salt » Version: 3000.3

cpe:2.3:a:saltstack:salt:3000.3
Saltstack » Salt » Version: 3000.4

cpe:2.3:a:saltstack:salt:3000.4
Saltstack » Salt » Version: 3000.5

cpe:2.3:a:saltstack:salt:3000.5
Saltstack » Salt » Version: 3000.6

cpe:2.3:a:saltstack:salt:3000.6
Saltstack » Salt » Version: 3001

cpe:2.3:a:saltstack:salt:3001
Saltstack » Salt » Version: 3001.1

cpe:2.3:a:saltstack:salt:3001.1
Saltstack » Salt » Version: 3001.2

cpe:2.3:a:saltstack:salt:3001.2
Saltstack » Salt » Version: 3001.3

cpe:2.3:a:saltstack:salt:3001.3
Saltstack » Salt » Version: 3001.4

cpe:2.3:a:saltstack:salt:3001.4
Saltstack » Salt » Version: 3002

cpe:2.3:a:saltstack:salt:3002
Saltstack » Salt » Version: 3002.1

cpe:2.3:a:saltstack:salt:3002.1
Saltstack » Salt » Version: 3002.2

cpe:2.3:a:saltstack:salt:3002.2
Saltstack » Salt » Version: 3002.3

cpe:2.3:a:saltstack:salt:3002.3
Saltstack » Salt » Version: 3002.4

cpe:2.3:a:saltstack:salt:3002.4
Saltstack » Salt » Version: 3002.5

cpe:2.3:a:saltstack:salt:3002.5
Saltstack » Salt » Version: 3002.6

cpe:2.3:a:saltstack:salt:3002.6
Fedoraproject » Fedora » Version: 33

cpe:2.3:o:fedoraproject:fedora:33
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31607

Products

Pricing

Contact Us