{"id":"PYSEC-2013-14","details":"Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.","aliases":["CVE-2013-4439","GHSA-jmv9-5gx8-7xpf"],"modified":"2023-11-08T03:57:23.276056Z","published":"2013-11-05T18:55:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"},{"type":"WEB","url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"type":"WEB","url":"https://github.com/saltstack/salt/pull/7356"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-jmv9-5gx8-7xpf"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.17.1"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.11.0","0.11.1","0.12.0","0.12.1","0.13.0","0.13.1","0.13.2","0.13.3","0.14.0","0.14.1","0.15.0","0.15.1","0.15.2","0.15.3","0.15.90","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.17.0","0.17.0rc1","0.8.7","0.8.9","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","0.9.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2013-14.yaml"}}],"schema_version":"1.7.3"}