CVE-2021-25281: Improper Authentication
(updated )
An issue was discovered in SaltStack Salt’s salt-api. It does not honor eauth
credentials for the wheel_async
client. Thus, an attacker can remotely run any wheel modules on the master.
References
Detect and mitigate CVE-2021-25281 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →