SaltStack.Salt.Jinja.Renderer.Template.Remote.Code.Injection

Description

This indicates an attack attempt to exploit an Command Injection Vulnerability in SaltStack Salt.
The vulnerability is due to improper sanitization of user input while handling an malicious JSON file. A remote attacker can exploit this vulnerability by sending a crafted JSON file to the target server. Successful exploitation can result in arbitrary code execution in the context of the root user.

Affected Products

SaltStack Salt version before 2015.8.10
SaltStack Salt from version 2015.8.11 up to version 2015.8.13
SaltStack Salt from version 2016.3.0 up to version 2016.3.4
SaltStack Salt from version 2016.3.5 up to version 2016.3.6
SaltStack Salt from version 2016.3.7 up to version 2016.3.8
SaltStack Salt from version 2016.3.9 up to version 2016.11.3
SaltStack Salt from version 2016.11.4 up to version 2016.11.5
SaltStack Salt from version 2016.11.7 up to version 2016.11.10
SaltStack Salt from version 2017.5.0 up to version 2017.7.8
SaltStack Salt from version 2018.2.0 up to version 2018.3.5
SaltStack Salt from version 2019.2.0 up to version 2019.2.5
SaltStack Salt from version 2019.2.6 up to version 2019.2.8
SaltStack Salt from version 3000 up to version 3000.6
SaltStack Salt from version 3001 up to version 3001.4
SaltStack Salt from version 3002 up to version 3002.5

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

References