PT-2013-6050 · Saltstack+1 · Salt+1

Published

2013-11-05

Updated

2022-05-17

CVE-2013-6617

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Salt (aka SaltStack) versions 0.11.0 through 0.17.0

Description The issue is related to the salt master in Salt not properly dropping group privileges. This makes it easier for remote attackers to gain privileges.

Recommendations For Salt (aka SaltStack) versions 0.11.0 through 0.17.0, update to a version where this issue is fixed to prevent remote attackers from gaining privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2013-1179

CVE-2013-6617

GHSA-7WX3-VR2F-6P29

PYSEC-2013-15

Affected Products

Alt Linux

Salt

PT-2013-6050 · Saltstack+1 · Salt+1

CVE-2013-6617

Weakness Enumeration

Related Identifiers

Affected Products

References · 9