CVE-2021-3144: SaltStack Salt eauth tokens can be used once after expiration
9.1
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.90398%
CWE
Published
5/24/2022
Updated
10/23/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
salt | pip | < 2015.8.13 | 2015.8.13 |
salt | pip | >= 2016.3.0, < 2016.11.5 | 2016.11.5 |
salt | pip | >= 2016.11.7, < 2016.11.10 | 2016.11.10 |
salt | pip | >= 2017.5.0, < 2017.7.8 | 2017.7.8 |
salt | pip | >= 2018.2.0, <= 2018.3.5 | |
salt | pip | >= 3000, < 3000.7 | 3000.7 |
salt | pip | >= 3001, < 3001.5 | 3001.5 |
salt | pip | >= 3002, < 3002.3 | 3002.3 |
salt | pip | >= 2019.2.0, < 2019.2.8 | 2019.2.8 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability (CWE-613) stems from insufficient session expiration checks. Salt's eauth token handling in authentication workflows would be the logical place for this flaw. The authenticate_token
function is directly responsible for validating tokens, and a missing expiration check here would allow expired tokens to be used. The get_token
method's role in fetching token data without proper expiration validation could also contribute. While exact code diffs aren't provided, the CVE description and Salt's own release notes pinpoint token expiration handling as the fixed component, making these functions high-probability candidates.