Vulnerability Description
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
CVSS Score
6.0
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saltstack | Salt | 0.15.0 |
Related Weaknesses (CWE)
References
- http://docs.saltstack.com/topics/releases/0.17.1.htmlPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2013/10/18/3
- http://docs.saltstack.com/topics/releases/0.17.1.htmlPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2013/10/18/3
FAQ
What is CVE-2013-4435?
CVE-2013-4435 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rout...
How severe is CVE-2013-4435?
CVE-2013-4435 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4435?
Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.