CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-6617

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile39.08th
Published2013年11月5日
Last Modified2026年4月29日

Vulnerability Description

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

Affected Platforms (CPE)

📦
Saltstack

Salt

= 0.11.0
📦
Saltstack

Salt

= 0.12.0
📦
Saltstack

Salt

= 0.13.0
📦
Saltstack

Salt

= 0.14.0
📦
Saltstack

Salt

= 0.15.0
📦
Saltstack

Salt

= 0.15.1
📦
Saltstack

Salt

= 0.16.0
📦
Saltstack

Salt

= 0.16.2
📦
Saltstack

Salt

= 0.16.3
📦
Saltstack

Salt

= 0.16.4
📦
Saltstack

Salt

= 0.17.0

References & Advisories

🔗 http://docs.saltstack.com/topics/releases/0.17.1.html
🔗 http://docs.saltstack.com/topics/releases/0.17.1.html

関連する脆弱性情報

CVE-2011-326810.0

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a l...

CVE-2013-443710.0

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage...

CVE-2001-135610.0

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allow...

CVE-2020-116519.8

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does no...