CVE-2013-4435

Salt < 0.17.1 - Authentication Bypass

Title source: rule

Description

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

References (2)

[Patch, Vendor Advisory] http://docs.saltstack.com/topics/releases/0.17.1.html

[Mailing List] http://www.openwall.com/lists/oss-security/2013/10/18/3

Scores

EPSS 0.0032

EPSS Percentile 55.1%

Classification

CWE

CWE-287

Status draft

Affected Products (8)

saltstack/salt

pypi/salt < 0.17.1PyPI

Timeline

Published Nov 05, 2013

Tracked Since Feb 18, 2026