SaltStack Privilege Escalation vulnerability

High severity • GitHub Reviewed • Published May 17, 2022 to the GitHub Advisory Database • Updated Apr 30, 2024

Package

salt (pip)

Affected versions

>= 0.11.0, < 0.17.1

Patched versions

0.17.1

Description

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

References

Published by the National Vulnerability Database Nov 5, 2013
Published to the GitHub Advisory Database May 17, 2022
Reviewed Apr 30, 2024
Last updated Apr 30, 2024

Severity

High

Weaknesses

No CWEs

CVE ID

CVE-2013-6617

GHSA ID

GHSA-7wx3-vr2f-6p29
