CVE-2013-4435
SaltStack Salt 0.15.0-0.17.0 - Authenticated Routine Execution Bypass via Embedded Routine
Title source: llmDescription
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/18/3
Patch, Vendor Advisory x_refsource_confirm
http://docs.saltstack.com/topics/releases/0.17.1.html
Scores
EPSS
0.0152
EPSS Percentile
71.3%
Details
CWE
CWE-287
Status
published
Products (8)
pypi/salt
0.15.0 - 0.17.1PyPI
saltstack/salt
0.15.0
saltstack/salt
0.15.1
saltstack/salt
0.16.0
saltstack/salt
0.16.2
saltstack/salt
0.16.3
saltstack/salt
0.16.4
saltstack/salt
0.17.0
Published
Nov 05, 2013
Tracked Since
Feb 18, 2026