Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2013-4437 — SaltStack insecurely uses /tmp · VulnScope

CVE-2013-4437

SaltStack insecurely uses /tmp

EPSS 0.68%

Description

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."

How to fix CVE-2013-4437

To remediate CVE-2013-4437, upgrade the affected package to a fixed version below.

PyPI/salt—upgrade to 0.17.1 or later
PyPI/salt—upgrade to 0.17.1 or later

Is CVE-2013-4437 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 0.17.0, < 0.17.1
>= 0.17.0, < 0.17.1

References (6)

ADVISORYgithub.com/advisories/GHSA-qr3x-v97p-42xw
ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-4437
PATCHgithub.com/saltstack/salt
WEBdocs.saltstack.com/topics/releases/0.17.1.html
WEB

Metadata

Published: 5/17/2022
Modified: 6/10/2026

Also known as:

GHSA-qr3x-v97p-42xwghsa
PYSEC-2013-27pysec

github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-27.yaml

WEBwww.openwall.com/lists/oss-security/2013/10/18/3