CVE-2013-6617 — Salt vulnerability

CWE-2646 documents5 sources

Severity

10.0CRITICALNVD

EPSS

1.7%

top 17.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt

Timeline

PublishedNov 5

Latest updateMay 17

Description

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶PyPIsaltstack/salt0.11.0 — 0.17.1

▶NVDsaltstack/salt11 versions+10

🔴Vulnerability Details

GHSA

SaltStack Privilege Escalation vulnerability↗2022-05-17

▶

OSV

SaltStack Privilege Escalation vulnerability↗2022-05-17

▶

CVEList

CVE-2013-6617: The salt master in Salt (aka SaltStack) 0↗2013-11-05

▶

OSV

CVE-2013-6617: The salt master in Salt (aka SaltStack) 0↗2013-11-05

▶

💬Community

Bugzilla

CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 CVE-2013-4438 CVE-2013-4439 CVE-2013-6617 salt: saltstack multiple flaws↗2013-10-17

▶