Lucene search
RedhatCVE-2013-4438HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-4438
2013-11-0518:55:04
CWE-94
redhat
web.nvd.nist.gov
28
cve-2013-4438
salt
saltstack
remote attackers
arbitrary code execution
yaml
vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.007
Percentile
80.7%
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Affected configurations
Node
saltstacksaltRange≤0.17.0
ORsaltstacksaltMatch0.6.0
ORsaltstacksaltMatch0.7.0
ORsaltstacksaltMatch0.8.0
ORsaltstacksaltMatch0.8.7
ORsaltstacksaltMatch0.8.8
ORsaltstacksaltMatch0.8.9
ORsaltstacksaltMatch0.9.0
ORsaltstacksaltMatch0.9.2
ORsaltstacksaltMatch0.9.3
ORsaltstacksaltMatch0.9.4
ORsaltstacksaltMatch0.9.5
ORsaltstacksaltMatch0.9.6
ORsaltstacksaltMatch0.9.7
ORsaltstacksaltMatch0.9.8
ORsaltstacksaltMatch0.9.9
ORsaltstacksaltMatch0.10.0
ORsaltstacksaltMatch0.10.2
ORsaltstacksaltMatch0.10.3
ORsaltstacksaltMatch0.10.4
ORsaltstacksaltMatch0.10.5
ORsaltstacksaltMatch0.11.0
ORsaltstacksaltMatch0.12.0
ORsaltstacksaltMatch0.13.0
ORsaltstacksaltMatch0.14.0
ORsaltstacksaltMatch0.15.0
ORsaltstacksaltMatch0.15.1
ORsaltstacksaltMatch0.16.0
ORsaltstacksaltMatch0.16.2
ORsaltstacksaltMatch0.16.3
ORsaltstacksaltMatch0.16.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| saltstack | salt | * | cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* |
| saltstack | salt | 0.6.0 | cpe:2.3:a:saltstack:salt:0.6.0:*:*:*:*:*:*:* |
| saltstack | salt | 0.7.0 | cpe:2.3:a:saltstack:salt:0.7.0:*:*:*:*:*:*:* |
| saltstack | salt | 0.8.0 | cpe:2.3:a:saltstack:salt:0.8.0:*:*:*:*:*:*:* |
| saltstack | salt | 0.8.7 | cpe:2.3:a:saltstack:salt:0.8.7:*:*:*:*:*:*:* |
| saltstack | salt | 0.8.8 | cpe:2.3:a:saltstack:salt:0.8.8:*:*:*:*:*:*:* |
| saltstack | salt | 0.8.9 | cpe:2.3:a:saltstack:salt:0.8.9:*:*:*:*:*:*:* |
| saltstack | salt | 0.9.0 | cpe:2.3:a:saltstack:salt:0.9.0:*:*:*:*:*:*:* |
| saltstack | salt | 0.9.2 | cpe:2.3:a:saltstack:salt:0.9.2:*:*:*:*:*:*:* |
| saltstack | salt | 0.9.3 | cpe:2.3:a:saltstack:salt:0.9.3:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2013-4438
2022-10-03 16:14:57
cvelist
cvelist
CVE-2013-4438
2013-11-05 18:00:00
prion
prion
Code injection
2013-11-05 18:55:00
osv
osv
PYSEC-2013-13
2013-11-05 18:55:00
nvd
nvd
CVE-2013-4438
2013-11-05 18:55:04
ubuntucve
ubuntucve
CVE-2013-4438
2013-11-05 00:00:00
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.007
Percentile
80.7%
Related for CVE-2013-4438