Multiple High Severity Vulnerabilities in SaltStack

The Salt Project has released security updates to address multiple vulnerabilities. 7 out of 10 of them were rated as high severity.

• CVE-2021-3197: The Salt-API’s SSH client is vulnerable to a shell injection

• CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client

• CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks

• CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default

• CVE-2021-3144: Tokens can be used once after expiration

• CVE-2020-28972: Missing validation on SSL certificate

• CVE-2020-28243: Local privilege escalation in the Minion

Administrators and users of SaltStack are advised to upgrade to the latest versions immediately.

These versions have been updated for this security release:

• 3002.5

• 3001.6

• 3000.8

Security patch files can be found at: https://gitlab.com/saltstack/open/salt-patches

Patches are available for the following versions:

• 3002.2

• 3001.4

• 3000.6

• 2019.2.8

• 2019.2.5

• 2018.3.5

• 2017.7.8

• 2016.11.10

• 2016.11.6

• 2016.11.5

• 2016.11.3

• 2016.3.8

• 2016.3.6

• 2016.3.4

• 2015.8.13

• 2015.8.10

NOTE: If you are running an older version of Salt not listed on either of these sites, please update to a listed version before applying an available patch.