Skip to main content

Salt CVE-2013-6617

CRITICAL
Permissions, Privileges, and Access Controls (CWE-264)
2013-11-05 cve@mitre.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Nov 05, 2013 - 18:55 cve.org
CRITICAL 10.0

DescriptionCVE.org

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

AnalysisAI

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Affected products include: Saltstack Salt. Version information: through 0.17.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Salt

View all
CVE-2021-25281 CRITICAL POC
9.8 Feb 27

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2020-25592 CRITICAL POC
9.8 Nov 06

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (

CVE-2020-16846 CRITICAL POC
9.8 Nov 06

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2020-11651 CRITICAL POC
9.8 Apr 30

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated critical severity (CVSS 9.8), th

CVE-2021-25282 CRITICAL POC
9.1 Feb 27

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2020-11652 MEDIUM POC
6.5 Apr 30

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated medium severity (CVSS 6.5), this

CVE-2021-31607 HIGH POC
7.8 Apr 23

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for

CVE-2013-4437 CRITICAL
10.0 Nov 05

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "inse

CVE-2017-12791 CRITICAL
9.8 Aug 23

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.

CVE-2017-14695 CRITICAL
9.8 Oct 24

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8,

CVE-2021-3197 CRITICAL
9.8 Feb 27

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2021-3148 CRITICAL
9.8 Feb 27

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remot

Share

CVE-2013-6617 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy