Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-47u4-vdsp-c3ct
Vulnerability ID VCID-47u4-vdsp-c3ct
Aliases CVE-2021-22004
GHSA-xf37-qcvf-7m57
PYSEC-2021-346
Summary An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/advisories/GHSA-xf37-qcvf-7m57
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:14:39.473573+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2021-346.yaml 38.6.0