Lucene search
HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-6617
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.9%
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
Affected configurations
Node
saltstacksaltMatch0.11.0
ORsaltstacksaltMatch0.12.0
ORsaltstacksaltMatch0.13.0
ORsaltstacksaltMatch0.14.0
ORsaltstacksaltMatch0.15.0
ORsaltstacksaltMatch0.15.1
ORsaltstacksaltMatch0.16.0
ORsaltstacksaltMatch0.16.2
ORsaltstacksaltMatch0.16.3
ORsaltstacksaltMatch0.16.4
ORsaltstacksaltMatch0.17.0
Related
veracode
veracode
Privilege Escalation
2024-06-20 06:12:00
osv
osv
PYSEC-2013-15
2013-11-05 18:55:00
prion
prion
Code injection
2013-11-05 18:55:00
cve
cve
CVE-2013-6617
2022-10-03 16:14:52
github
github
SaltStack Privilege Escalation vulnerability
2022-05-17 04:58:31
debiancve
debiancve
CVE-2013-6617
2022-10-03 16:14:52
cvelist
cvelist
CVE-2013-6617
2022-10-03 16:14:52
ubuntucve
ubuntucve
CVE-2013-6617
2013-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: salt-0.17.1-1.fc20
2013-11-10 06:31:10
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.9%
Related for NVD:CVE-2013-6617