CVE-2013-4435
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Salt (conocido como SaltStack) 0.15.0 hasta 0.17.0 permite a usuarios remotos autenticados que utilizan autenticaciĆ³n externa o cliente ACL ejecutar rutinas restringidas mediante la inclusiĆ³n de la rutina en otra rutina.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-05 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/10/18/3 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://docs.saltstack.com/topics/releases/0.17.1.html | 2013-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.15.0 Search vendor "Saltstack" for product "Salt" and version "0.15.0" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.15.1 Search vendor "Saltstack" for product "Salt" and version "0.15.1" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.16.0 Search vendor "Saltstack" for product "Salt" and version "0.16.0" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.16.2 Search vendor "Saltstack" for product "Salt" and version "0.16.2" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.16.3 Search vendor "Saltstack" for product "Salt" and version "0.16.3" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.16.4 Search vendor "Saltstack" for product "Salt" and version "0.16.4" | - |
Affected
| ||||||
| Saltstack Search vendor "Saltstack" | Salt Search vendor "Saltstack" for product "Salt" | 0.17.0 Search vendor "Saltstack" for product "Salt" and version "0.17.0" | - |
Affected
| ||||||