—

PYSEC-2013-12

Details

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 0.15.0 Fixed in: 0.17.1

Fix pip install --upgrade 'salt>=0.17.1'

References

http://docs.saltstack.com/topics/releases/0.17.1.html [WEB]
http://www.openwall.com/lists/oss-security/2013/10/18/3 [WEB]
https://github.com/advisories/GHSA-v89f-4mc4-h6w9 [ADVISORY]