CVE-2014-3563

high

Description

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95392

http://www.securityfocus.com/bid/69319

http://seclists.org/oss-sec/2014/q3/428

http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html

Details

Source: Mitre, NVD

Published: 2014-08-22

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H