{"id":"GHSA-v89f-4mc4-h6w9","summary":"Salt has insufficient argument validation in several modules","details":"Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.","aliases":["CVE-2013-4435","PYSEC-2013-12"],"modified":"2024-10-26T22:52:19.402843Z","published":"2022-05-17T04:58:26Z","database_specific":{"github_reviewed":true,"nvd_published_at":"2013-11-05T18:55:00Z","github_reviewed_at":"2024-05-01T11:19:14Z","severity":"HIGH","cwe_ids":["CWE-287"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4435"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-12.yaml"},{"type":"PACKAGE","url":"https://github.com/saltstack/salt"},{"type":"WEB","url":"https://github.com/saltstack/salt/blob/master/doc/topics/releases/0.17.1.rst"},{"type":"WEB","url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.15.0"},{"fixed":"0.17.1"}]}],"versions":["0.15.0","0.15.1","0.15.2","0.15.3","0.15.90","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.17.0","0.17.0rc1"],"database_specific":{"last_known_affected_version_range":"\u003c= 0.17.0","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v89f-4mc4-h6w9/GHSA-v89f-4mc4-h6w9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}