CVE-2021-31607

Name: CVE-2021-31607
Creator: NVD / NIST
Published: 2021-04-23T06:15:07.893+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 3.81%

Last modified Jun 17, 2026

CVE-2021-31607 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).. EPSS estimates a 3.81% chance of exploitation in the next 30 days.

Description

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.81%

88.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Saltstack	Salt	>= 2016.9, <= 3002.6
Fedoraproject	Fedora	33
Fedoraproject	Fedora	34
Fedoraproject	Fedora	35

References

https://lists.debian.org/debian-lts-announce/2021/11/msg00009.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/Mailing List, Third Party Advisory
https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/Exploit, Patch, Third Party Advisory
https://security.gentoo.org/glsa/202310-22Third Party Advisory
https://www.debian.org/security/2021/dsa-5011Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00009.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/Mailing List, Third Party Advisory
https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/Exploit, Patch, Third Party Advisory
https://security.gentoo.org/glsa/202310-22Third Party Advisory
https://www.debian.org/security/2021/dsa-5011Third Party Advisory

Timeline

Published: Apr 23, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-31607?

How severe is CVE-2021-31607?

CVE-2021-31607 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 3.81% probability of exploitation in the next 30 days.

How do I fix CVE-2021-31607?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-31607?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST