—

PYSEC-2013-15

Details

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 0.11.0 Fixed in: 0.17.1

Fix pip install --upgrade 'salt>=0.17.1'

References

http://docs.saltstack.com/topics/releases/0.17.1.html [WEB]
https://github.com/advisories/GHSA-7wx3-vr2f-6p29 [ADVISORY]