Salt@0.15.1 Security Vulnerabilities and Issues — Salt@0.15.1 CVE List

Lucene search

SaltstackSalt0.15.1

4 matches found

CVE•added 2013/11/05 6:55 p.m.•54 views

CVE-2013-4439

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

4.9CVSS6.2AI score0.00193EPSS

CVE•added 2013/11/05 6:55 p.m.•41 views

CVE-2013-4438

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

7.5CVSS7.7AI score0.0057EPSS

CVE•added 2013/11/05 6:55 p.m.•40 views

CVE-2013-6617

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

10CVSS6.9AI score0.01705EPSS

CVE•added 2013/11/05 6:55 p.m.•36 views

CVE-2013-4435

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

6CVSS6.7AI score0.00324EPSS