Home > Vulnerability Database > CVE-2021-25284

Mend.io Vulnerability Database

CVE-2021-25284

Good to know:

Date: February 26, 2021

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. After conducting further research, Mend has determined that versions v0.6.0--v3000.6, v3001rc1--v3001.4 and v3002rc1--v3002.2 of Salt are vulnerable to CVE-2021-25284.

Language: Python

Severity Score

4.4

Related Resources (24)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH

Url: https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L37

Url: https://security.gentoo.org/glsa/202103-01

Url: https://www.debian.org/security/2021/dsa-5011

Url: https://github.com/saltstack/salt

Url: https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L37

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH

Url: https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5

Url: https://security.gentoo.org/glsa/202310-22

Url: https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html

Url: https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L37

Url: https://github.com/saltstack/salt/releases

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-25284

Url: https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/

Url: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

Url: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/

Url: https://www.mend.io/vulnerability-database/CVE-2021-25284

Severity Score

4.4

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Insufficiently Protected Credentials

CWE-522

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

Upgrade Version

Upgrade to version salt - 3002.3;salt - 3001.5;salt - 2015.8.13;salt - 2016.11.5;salt - 2016.11.10;salt - 2017.7.8;salt - 2019.2.8;salt - 3000.7

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-25284

Good to know:

Date: February 26, 2021

Language: Python

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?