Description
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
References (10)
Core 10
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202103-01
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5011
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202310-22
Third Party Advisory
https://github.com/saltstack/salt/releases
Scores
CVSS v3
4.4
EPSS
0.0002
EPSS Percentile
5.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-522
CWE-532
Status
published
Products (8)
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
pypi/salt
0 - 2015.8.13PyPI
saltstack/salt
< 2015.8.10
Published
Feb 27, 2021
Tracked Since
Feb 18, 2026