Vulnerability in Saltstack Salt

CVE-2013-4439

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

EPSS: 0.002 (41.1th percentile) — read the EPSS interpretation.

Affected products

Saltstack Salt — versions 0.15.0, 0.15.1, 0.16.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)