Main Vulnerability Database Vulnerabilities #VU42396

#VU42396 Improper Authentication in Salt - CVE-2013-4435

Published: November 5, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42396

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-4435

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Salt

Software vendor:
SaltStack

Description

The vulnerability allows a remote #AU# to read and manipulate data.

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

Remediation

Install update from vendor's website.

External links

http://docs.saltstack.com/topics/releases/0.17.1.html
http://www.openwall.com/lists/oss-security/2013/10/18/3