CVE-2013-4439 — Salt vulnerability

CWE-2648 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 58.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt

Timeline

PublishedNov 5

Latest updateMay 17

Description

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

▶PyPIsaltstack/salt0.15.0 — 0.17.1+1

▶NVDsaltstack/salt7 versions+6

Patches

Patch: docs.saltstack.com ↗Patch: docs.saltstack.com ↗

🔴Vulnerability Details

GHSA

Minion identity not validated in saltstack↗2022-05-17

▶

OSV

Minion identity not validated in saltstack↗2022-05-17

▶

OSV

CVE-2013-4439: Salt (aka SaltStack) before 0↗2013-11-05

▶

CVEList

CVE-2013-4439: Salt (aka SaltStack) before 0↗2013-11-05

▶

💬Community

Bugzilla

CVE-2013-4439 salt: saltstack minion identity usurpation [epel-all]↗2013-10-17

▶

Bugzilla

CVE-2013-4439 salt: saltstack minion identity usurpation [fedora-all]↗2013-10-17

▶

Bugzilla

CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 CVE-2013-4438 CVE-2013-4439 CVE-2013-6617 salt: saltstack multiple flaws↗2013-10-17

▶