CVE-2013-6617

Description

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 1.705

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.15.0 | Windows
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.15.1 | Windows
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.16.0 | Windows
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.16.2 | Windows
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.16.3 | Windows
Vulnerabilities CVE-2013-4435, CVE-2013-4438, CVE-2013-4439, CVE-2013-6617 affect VMware SALT 0.16.4 | Windows
Multiple vulnerabilities affect VMware SALT 0.17.0 | Windows
Vulnerabilities CVE-2013-4438, CVE-2013-6617 affect VMware SALT 0.11.0 | Windows
Vulnerabilities CVE-2013-4438, CVE-2013-6617 affect VMware SALT 0.12.0 | Windows
Vulnerabilities CVE-2013-4438, CVE-2013-6617 affect VMware SALT 0.13.0 | Windows
Vulnerabilities CVE-2013-4438, CVE-2013-6617 affect VMware SALT 0.14.0 | Windows
Multiple vulnerabilities are fixed in Python-salt 0.17.1 | Windows
Multiple vulnerabilities are fixed in Python-salt for linux 0.17.1 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234