CVE-2013-4439

saltstack/salt

on github

Published

November 5, 2013

Severity

CVSS v3:

N/A

CVSS v2:

4.9 MEDIUM

Description

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

References

http://www.openwall.com/lists/oss-security/2013/10/18/3
http://docs.saltstack.com/topics/releases/0.17.1.html
https://github.com/saltstack/salt/pull/7356

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:saltstack:salt:0.17.0:::::::*	n/a	n/a	0.17.0
cpe:2.3:a:saltstack:salt:0.16.3:::::::*	n/a	n/a	0.16.3
cpe:2.3:a:saltstack:salt:0.15.1:::::::*	n/a	n/a	0.15.1
cpe:2.3:a:saltstack:salt:0.16.2:::::::*	n/a	n/a	0.16.2
cpe:2.3:a:saltstack:salt:0.16.4:::::::*	n/a	n/a	0.16.4
cpe:2.3:a:saltstack:salt:0.15.0:::::::*	n/a	n/a	0.15.0
cpe:2.3:a:saltstack:salt:0.16.0:::::::*	n/a	n/a	0.16.0

External Links

NVD - CVE-2013-4439