High severityNVD Advisory· Published Nov 5, 2013· Updated Apr 29, 2026
CVE-2013-4439
CVE-2013-4439
Description
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | >= 0.15.0, < 0.17.1 | 0.17.1 |
Affected products
7cpe:2.3:a:saltstack:salt:0.15.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:saltstack:salt:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:0.17.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- docs.saltstack.com/topics/releases/0.17.1.htmlnvdPatchVendor Advisory
- github.com/advisories/GHSA-jmv9-5gx8-7xpfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4439ghsaADVISORY
- www.openwall.com/lists/oss-security/2013/10/18/3nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-14.yamlghsaWEB
- github.com/saltstack/salt/pull/7356nvdWEB
News mentions
0No linked articles in our index yet.