CVE-2021-3144 - Insufficient Session Expiration

Severity

90%

Complexity

39%

Confidentiality

86%

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

CVSS 3.1 Base Score 9.1. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Demo Examples

Insufficient Session Expiration

CWE-613

The following snippet was taken from a J2EE web.xml deployment descriptor in which the session-timeout parameter is explicitly defined (the default value depends on the container). In this case the value is set to -1, which means that a session will never expire.


               
</web-app>

                     
</session-config>
<session-timeout>-1</session-timeout>

Overview

First reported 3 years ago

2021-02-27 05:15:00

Last updated 3 years ago

2021-11-23 22:30:00

Affected Software

Fedora 32

32

Debian Linux 9.0

9.0

References

https://github.com/saltstack/salt/releases

https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

FEDORA-2021-5756fbf8a6

FEDORA-2021-904a2dbc0c

https://github.com/saltstack/salt/releases

Third Party Advisory

FEDORA-2021-5756fbf8a6

Third Party Advisory

FEDORA-2021-904a2dbc0c

Third Party Advisory

https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

Vendor Advisory

FEDORA-2021-43eb5584ad

FEDORA-2021-5756fbf8a6

Mailing List, Third Party Advisory

FEDORA-2021-43eb5584ad

Mailing List, Third Party Advisory

FEDORA-2021-904a2dbc0c

Mailing List, Third Party Advisory

GLSA-202103-01

[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update

DSA-5011

GLSA-202103-01

Third Party Advisory

[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update

Mailing List, Third Party Advisory

DSA-5011

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.