Vulnerability in Saltstack Salt

CVE-2013-6617

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

EPSS: 0.017 (82.7th percentile) — read the EPSS interpretation.

Affected products

Saltstack Salt — versions 0.11.0, 0.12.0, 0.13.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM)