cve/2021/CVE-2021-25282.md

CVE-2021-25282

Description

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

POC

Reference

• http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
• https://github.com/saltstack/salt/releases

Github

• https://github.com/0ps/pocassistdb
• https://github.com/ARPSyndicate/cvemon
• https://github.com/HimmelAward/Goby_POC
• https://github.com/Immersive-Labs-Sec/CVE-2021-25281
• https://github.com/Z0fhack/Goby_POC
• https://github.com/jweny/pocassistdb
• https://github.com/zhibx/fscan-Intranet