CVE-2013-4439

Minion identity not validated in saltstack in pypi/salt

Identifiers

GHSA-jmv9-5gx8-7xpf, CVE-2013-4439

Package Slug

pypi/salt

Vulnerability

Minion identity not validated in saltstack

Description

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

Affected Versions

All versions starting from 0 before 0.17.1

Solution

Upgrade to version 0.17.1 or above.

Last Modified

2022-07-26

source