Improper Authentication in Salt - CVE-2013-4435

 

Published: November 5, 2013 / Updated: August 10, 2020


Vulnerability identifier: #VU42396
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-4435
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SaltStack
Affected software: Salt

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.


How to mitigate CVE-2013-4435

Install the update from the vendor's website.
