CVE-2014-3563
Severity: high
CVSS v3: —
CVSS v2: 7.2
VIR risk: 7.2
Description
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://seclists.org/oss-sec/2014/q3/428
Vendor advisory: secalert@redhat.com — http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | salt | <2014.1.10 | 2014.1.10 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| saltstack | salt | <=2014.1.9 | |
References
- http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
- http://seclists.org/oss-sec/2014/q3/428
- http://www.securityfocus.com/bid/69319
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95392
- https://nvd.nist.gov/vuln/detail/CVE-2014-3563
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2014-18.yaml
- https://github.com/saltstack/salt
CWEs
CWE-59