Search Results | AttackerKB

Show filters

Topics 2 Users 0

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

High

CVE-2021-25281

Disclosure Date: February 27, 2021 (last updated November 01, 2023)

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

Attack Vector: Network Privileges: None User Interaction: None

4

Attacker Value

Unknown

CVE-2021-25282

Disclosure Date: February 27, 2021 (last updated November 01, 2023)

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Attack Vector: Network Privileges: None User Interaction: None

0