CVE-2013-4435 — Improper Authentication in Salt

CWE-287 — Improper Authentication6 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

0.3%

top 44.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt

Timeline

PublishedNov 5

Latest updateMay 17

Description

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶PyPIsaltstack/salt0.15.0 — 0.17.1

▶NVDsaltstack/salt7 versions+6

Patches

Patch: docs.saltstack.com ↗Patch: docs.saltstack.com ↗

🔴Vulnerability Details

GHSA

Salt has insufficient argument validation in several modules↗2022-05-17

▶

OSV

Salt has insufficient argument validation in several modules↗2022-05-17

▶

OSV

CVE-2013-4435: Salt (aka SaltStack) 0↗2013-11-05

▶

CVEList

CVE-2013-4435: Salt (aka SaltStack) 0↗2013-11-05

▶

💬Community

Bugzilla

CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 CVE-2013-4438 CVE-2013-4439 CVE-2013-6617 salt: saltstack multiple flaws↗2013-10-17

▶