CVE-2013-4435
HIGH 8.8 | EPSS 0.32% | Salt has insufficient argument validation in several modules
Published: 2022/5/17 | Modified: 2024/10/26
Description
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Affected packages (2)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2013-4435
- PATCH: https://github.com/saltstack/salt
- WEB: http://docs.saltstack.com/topics/releases/0.17.1.html
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-12.yaml
- WEB: https://github.com/saltstack/salt/blob/master/doc/topics/releases/0.17.1.rst
- WEB: http://www.openwall.com/lists/oss-security/2013/10/18/3