CVE-2013-4435
Published: 5 November 2013
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Notes
Author | Note |
---|---|
seth-arnold | The announce notes are too difficult to decipher to discover which patches go with which vulnerabilities; there are also some duplicated CVEs and CVE-2013-4437 isn't even mentioned at all,, which makes me think the whole annoucement needs a salt expert to revisit and revise. |