CVE-2013-6617 | Vulnerability Database | Aqua Security

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

Affected Software

Name	Vendor	Start Version	End Version
Salt	Saltstack	0.11.0 (including)	0.11.0 (including)
Salt	Saltstack	0.12.0 (including)	0.12.0 (including)
Salt	Saltstack	0.13.0 (including)	0.13.0 (including)
Salt	Saltstack	0.14.0 (including)	0.14.0 (including)
Salt	Saltstack	0.15.0 (including)	0.15.0 (including)
Salt	Saltstack	0.15.1 (including)	0.15.1 (including)
Salt	Saltstack	0.16.0 (including)	0.16.0 (including)
Salt	Saltstack	0.16.2 (including)	0.16.2 (including)
Salt	Saltstack	0.16.3 (including)	0.16.3 (including)
Salt	Saltstack	0.16.4 (including)	0.16.4 (including)
Salt	Saltstack	0.17.0 (including)	0.17.0 (including)
Salt	Ubuntu	raring	*
Salt	Ubuntu	saucy	*
Salt	Ubuntu	upstream	*

References

http://docs.saltstack.com/topics/releases/0.17.1.html
http://docs.saltstack.com/topics/releases/0.17.1.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-6617
CWE	https://cwe.mitre.org/data/definitions/264.html