A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Affected Packages

PyPI salt

Affected versions: 0 (fixed in 3002.2)

Related CVEs

CVE-2021-25315

Key Information

GHSA ID

GHSA-pmj6-9f8c-8g2m

Published

May 24, 2022 5:43 PM

Last Modified

April 9, 2025 8:06 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

salt

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.