What is CVE-2021-31607?

CVE-2021-31607 is a command injection vulnerability in the snapper module of SaltStack Salt 2016.9 through 3002.6, allowing for local privilege escalation on a minion.

What is the severity of CVE-2021-31607?

The severity of CVE-2021-31607 is high with a CVSS score of 7.8.

How does CVE-2021-31607 work?

CVE-2021-31607 requires the creation of a file with a backed-up pathname by snapper and the master calling the snapper.diff function, leading to command injection and potential privilege escalation.

Which versions of SaltStack Salt are affected by CVE-2021-31607?

SaltStack Salt versions 2016.9 through 3002.6 are affected by CVE-2021-31607.

How can I fix CVE-2021-31607?

To fix CVE-2021-31607, update to SaltStack Salt version 2018.3.4+dfsg1-6+deb10u3 or 3002.6+dfsg1-4+deb11u1 or 3004.1+dfsg-2.2, as recommended by Debian.

Vulnerability/
CVE-2021-31607

high

7.8

CWE

77 78

23/4/2021

24/5/2022

23/10/2024

CVE-2021-31607: Command Injection

First published: Fri Apr 23 2021(Updated: )

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/salt		2018.3.4+dfsg1-6+deb10u3 3002.6+dfsg1-4+deb11u1 3004.1+dfsg-2.2
SaltStack Salt	>=2016.9<=3002.6
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
debian/salt	<=2018.3.4+dfsg1-6<=2018.3.4+dfsg1-6+deb10u2<=3002.6+dfsg1-1
SaltStack Salt
pip/salt	>=2016.11.0<=3002.6	3003rc1

Remedy

https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

saltproject-2021-09-21-advisory

Frequently Asked Questions

What is CVE-2021-31607?
CVE-2021-31607 is a command injection vulnerability in the snapper module of SaltStack Salt 2016.9 through 3002.6, allowing for local privilege escalation on a minion.
What is the severity of CVE-2021-31607?
The severity of CVE-2021-31607 is high with a CVSS score of 7.8.
How does CVE-2021-31607 work?
CVE-2021-31607 requires the creation of a file with a backed-up pathname by snapper and the master calling the snapper.diff function, leading to command injection and potential privilege escalation.
Which versions of SaltStack Salt are affected by CVE-2021-31607?
SaltStack Salt versions 2016.9 through 3002.6 are affected by CVE-2021-31607.
How can I fix CVE-2021-31607?
To fix CVE-2021-31607, update to SaltStack Salt version 2018.3.4+dfsg1-6+deb10u3 or 3002.6+dfsg1-4+deb11u1 or 3004.1+dfsg-2.2, as recommended by Debian.

collector/security-tracker-debian
collector/nvd-index
collector/debian-bugs
alias/CVE-2021-31607
collector/nvd-api
agent/type
agent/first-publish-date
collector/saltproject-advisory
source/Salt Project
agent/software-canonical-lookup
agent/remedy
agent/weakness
agent/description
agent/severity
agent/event
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/author
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-hcjf-rp5h-g5h3
agent/last-modified-date
agent/references
agent/tags
collector/github-advisory
agent/trending
package-manager/debian
vendor/saltstack
canonical/saltstack salt
version/saltstack salt/2016.9
version/saltstack salt/3002.6
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
version/fedoraproject fedora/34
version/fedoraproject fedora/35
package-manager/pip