CVE-2013-4435
Salt has insufficient argument validation in several modules
8.8 HIGH (CVSS 3.1)
EPSS 0.32%
Description
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
How to fix CVE-2013-4435
To remediate CVE-2013-4435, upgrade the affected package to a fixed version below.
- PyPI/salt—upgrade to 0.17.1 or later
- —upgrade to 0.17.1 or later
Is CVE-2013-4435 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 0.15.0, < 0.17.1
- >= 0.15.0, < 0.17.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |