CVE-2013-4438 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-4438?

CVE-2013-4438 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4438?

Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.

Vulnerability Description

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Saltstack	Salt	<= 0.17.0

Related Weaknesses (CWE)

CWE-94

References

http://docs.saltstack.com/topics/releases/0.17.1.htmlPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2013/10/18/3
http://docs.saltstack.com/topics/releases/0.17.1.htmlPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2013/10/18/3

FAQ

What is CVE-2013-4438?

CVE-2013-4438 is a vulnerability with a CVSS score of 7.5 (HIGH). Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to b...

How severe is CVE-2013-4438?

CVE-2013-4438 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4438?

Check the references section above for vendor advisories and patch information. Affected products include: Saltstack Salt.