CVE Database · CVE-2021-3144
CVSS v3.1
9.1
EPSS
5.20%
Published
Feb 27, 2021
Modified
Nov 21, 2024
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NWeaknesses (CWE)
Affected Products (21)
References (18)