Vulnerability Change Records for CVE-2021-25281

Change History

Initial Analysis by NIST 3/05/2021 11:31:18 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions up to (excluding) 2015.8.10
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2015.8.11 up to (excluding) 2015.8.13
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.3.0 up to (excluding) 2016.3.4
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.3.5 up to (excluding) 2016.3.6
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.3.7 up to (excluding) 2016.3.8
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.3.9 up to (excluding) 2016.11.3
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.11.4 up to (excluding) 2016.11.5
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2016.11.7 up to (excluding) 2016.11.10
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2017.5.0 up to (excluding) 2017.7.8
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2018.2.0 up to (including) 2018.3.5
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2019.2.0 up to (excluding) 2019.2.5
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 2019.2.6 up to (excluding) 2019.2.8
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 3000 up to (excluding) 3000.6
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 3001 up to (excluding) 3001.4
     *cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions from (including) 3002 up to (excluding) 3002.5
Added CPE Configuration
OR
     *cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Added CVSS V2
NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE
NIST CWE-287
Changed Reference Type
https://github.com/saltstack/salt/releases No Types Assigned
https://github.com/saltstack/salt/releases Release Notes, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ Third Party Advisory
Changed Reference Type
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ No Types Assigned
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ Vendor Advisory
Changed Reference Type
https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/ No Types Assigned
https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/ Vendor Advisory