{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43282?format=json","vulnerability_id":"VCID-6kj4-zf2a-dyc2","summary":"SaltStack RSA Key Generation allows remote users to decrypt communications","aliases":[{"alias":"CVE-2013-2228"},{"alias":"GHSA-gq26-cpq6-w85r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7713?format=json","purl":"pkg:pypi/salt@0.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-3xs9-ym4e-fyag"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-5w26-jb3k-u3b7"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-6qhe-17nn-7fc1"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8ghn-kbm9-sfas"},{"vulnerability":"VCID-8jkp-8ngh-9bcd"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-az3x-2atn-pqh4"},{"vulnerability":"VCID-bxh1-y9mk-3ygg"},{"vulnerability":"VCID-byz4-ynsr-kbec"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-ew62-nxq6-fudr"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-reer-fk1f-tkbj"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-u5sa-wp1e-wyhg"},{"vulnerability":"VCID-uwr9-v56j-cuak"},{"vulnerability":"VCID-v345-m7e1-aue2"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-xccs-pwhb-nuce"},{"vulnerability":"VCID-xfnm-yvm9-73az"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.15.1"}],"affected_packages":[],"references":[{"reference_url":"https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85372","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2228","reference_id":"CVE-2013-2228","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2228"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-2228","reference_id":"CVE-2013-2228","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2013-2228"},{"reference_url":"https://github.com/advisories/GHSA-gq26-cpq6-w85r","reference_id":"GHSA-gq26-cpq6-w85r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gq26-cpq6-w85r"}],"weaknesses":[{"cwe_id":307,"name":"Improper Restriction of Excessive Authentication Attempts","description":"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kj4-zf2a-dyc2"}