SaltStack Privilege Escalation vulnerability
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 30, 2024
Description
Published by the National Vulnerability Database
Nov 5, 2013
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Apr 30, 2024
Last updated
Apr 30, 2024
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
References