SUSE company fixed vulnerability in SUSE Manager Server product version 4.1. Vulnerability was addressed as CVE-2021-21996. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion server. SUSE company mentioned in the security advisory that an update solves the vulnerability and has 20 available fixes.

Source: suse.com