Lucene search
HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-4438
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.5%
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Affected configurations
Node
saltstacksaltRange≤0.17.0
ORsaltstacksaltMatch0.6.0
ORsaltstacksaltMatch0.7.0
ORsaltstacksaltMatch0.8.0
ORsaltstacksaltMatch0.8.7
ORsaltstacksaltMatch0.8.8
ORsaltstacksaltMatch0.8.9
ORsaltstacksaltMatch0.9.0
ORsaltstacksaltMatch0.9.2
ORsaltstacksaltMatch0.9.3
ORsaltstacksaltMatch0.9.4
ORsaltstacksaltMatch0.9.5
ORsaltstacksaltMatch0.9.6
ORsaltstacksaltMatch0.9.7
ORsaltstacksaltMatch0.9.8
ORsaltstacksaltMatch0.9.9
ORsaltstacksaltMatch0.10.0
ORsaltstacksaltMatch0.10.2
ORsaltstacksaltMatch0.10.3
ORsaltstacksaltMatch0.10.4
ORsaltstacksaltMatch0.10.5
ORsaltstacksaltMatch0.11.0
ORsaltstacksaltMatch0.12.0
ORsaltstacksaltMatch0.13.0
ORsaltstacksaltMatch0.14.0
ORsaltstacksaltMatch0.15.0
ORsaltstacksaltMatch0.15.1
ORsaltstacksaltMatch0.16.0
ORsaltstacksaltMatch0.16.2
ORsaltstacksaltMatch0.16.3
ORsaltstacksaltMatch0.16.4
Related
osv
osv
PYSEC-2013-13
2013-11-05 18:55:00
cve
cve
CVE-2013-4438
2022-10-03 16:14:57
debiancve
debiancve
CVE-2013-4438
2022-10-03 16:14:57
cvelist
cvelist
CVE-2013-4438
2022-10-03 16:14:57
prion
prion
Code injection
2013-11-05 18:55:00
ubuntucve
ubuntucve
CVE-2013-4438
2013-11-05 00:00:00
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.5%
Related for NVD:CVE-2013-4438