CVE-2013-4435: Salt has insufficient argument validation in several modules

May 17, 2022 (updated October 26, 2024)

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

References

github.com/advisories/GHSA-v89f-4mc4-h6w9
github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-12.yaml
github.com/saltstack/salt
github.com/saltstack/salt/blob/master/doc/topics/releases/0.17.1.rst
nvd.nist.gov/vuln/detail/CVE-2013-4435

Detect and mitigate CVE-2013-4435 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →