Salt has insufficient argument validation in several modules

GHSA-v89f-4mc4-h6w9 · CVE-2013-4435 · PYSEC-2013-12

Published May 17, 2022 · Modified Oct 26, 2024

Description

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4435
WEB https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-12.yaml
PACKAGE https://github.com/saltstack/salt
WEB https://github.com/saltstack/salt/blob/master/doc/topics/releases/0.17.1.rst
WEB http://docs.saltstack.com/topics/releases/0.17.1.html
WEB http://www.openwall.com/lists/oss-security/2013/10/18/3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes