CVE-2013-4435 salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0.15.0 <0.17.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00324 (percentile 0.54816)

Details

Salt has insufficient argument validation in several modules

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

Metadata

Created: 2022-05-17T04:58:26Z
Modified: 2024-10-26T22:36:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v89f-4mc4-h6w9/GHSA-v89f-4mc4-h6w9.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-v89f-4mc4-h6w9
Finding: F039
Auto approve: 1