PYSEC-2013-15

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2013-15.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2013-15
Aliases
Published
2013-11-05T18:55:00Z
Modified
2024-04-30T09:11:55.104863Z
Summary
[none]
Details

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

References

Affected packages

PyPI / salt

Package

Name
salt
View open source insights on deps.dev
Purl
pkg:pypi/salt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.11.0
Fixed
0.17.1

Affected versions

0.*

0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0