{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "33" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "34" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "35" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "3000.3" } ] }, "events": [ { "introduced": "0" }, { "fixed": "3c609c16ee0454217f339e987c03eaf61662a853" } ], "repo": "https://github.com/saltstack/salt", "type": "GIT" } ] } ], "details": "An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\\salt\\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.", "id": "CVE-2021-22004", "modified": "2026-04-01T23:09:37.604072920Z", "published": "2021-09-08T15:15:12.723Z", "references": [ { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/" }, { "type": "FIX", "url": "https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }