The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
2013-11-05T18:55:06.277
2025-04-11T00:51:21.963
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | saltstack | salt | 0.11.0 | Yes |
| Application | saltstack | salt | 0.12.0 | Yes |
| Application | saltstack | salt | 0.13.0 | Yes |
| Application | saltstack | salt | 0.14.0 | Yes |
| Application | saltstack | salt | 0.15.0 | Yes |
| Application | saltstack | salt | 0.15.1 | Yes |
| Application | saltstack | salt | 0.16.0 | Yes |
| Application | saltstack | salt | 0.16.2 | Yes |
| Application | saltstack | salt | 0.16.3 | Yes |
| Application | saltstack | salt | 0.16.4 | Yes |
| Application | saltstack | salt | 0.17.0 | Yes |