.. / CVE-2021-25281

Exploit for SaltStack Salt <3002.5 - Auth Bypass (CVE-2021-25281)

Description:

SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.

Nuclei Template

View the template here CVE-2021-25281.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-25281.yaml

References:

https://github.com/saltstack/salt/releases
https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
https://dozer.nz/posts/saltapi-vulns
http://hackdig.com/02/hack-283902.htm
https://nvd.nist.gov/vuln/detail/CVE-2021-25281

.. / CVE-2021-25281 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for SaltStack Salt <3002.5 - Auth Bypass (CVE-2021-25281)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-25281