PT-2013-5018 · Saltstack+1 · Salt+1

Dlanderson

·

Published

2013-11-05

·

Updated

2022-05-17

·

CVE-2013-4439

CVSS v4.0

7.1

High

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Salt (aka SaltStack) versions 0.15.0 through 0.17.0
Description The issue allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
Recommendations For versions 0.15.0 through 0.17.0, update to a version newer than 0.17.0 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2013-1179
CVE-2013-4439
GHSA-JMV9-5GX8-7XPF
PYSEC-2013-14

Affected Products

Alt Linux
Salt