CVE-2013-6617 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0.11.0 <0.17.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01705 pctl0.81594

Details

SaltStack Privilege Escalation vulnerability The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

Metadata

Created: 2022-05-17T04:58:31Z
Modified: 2024-11-06T20:24:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7wx3-vr2f-6p29/GHSA-7wx3-vr2f-6p29.json
CWE IDs: []
Alternative ID: GHSA-7wx3-vr2f-6p29
Finding: F159
Auto approve: 1