Skip to content

Salt has insufficient argument validation in several modules

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated May 1, 2024

Package

pip salt (pip)

Affected versions

>= 0.15.0, <= 0.17.0

Patched versions

0.17.1

Description

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

References

Published by the National Vulnerability Database Nov 5, 2013
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 1, 2024
Last updated May 1, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2013-4435

GHSA ID

GHSA-v89f-4mc4-h6w9

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.