CVE-2016-9639 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <2015.8.11

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00325 pctl0.54868

Details

Salt allows deleted minions to read or write to minions with the same id Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

Metadata

Created: 2022-05-17T03:00:54Z
Modified: 2024-10-21T21:30:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvmj-356c-gpf4/GHSA-hvmj-356c-gpf4.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-hvmj-356c-gpf4
Finding: F039
Auto approve: 1