info@cirt.gov.bd
+88-02-550071 83-86
Facebook Page LinkedIn Page Twitter Page

SaltStack Patches Critical Vulnerabilities in Salt

by
18 Jun 2020
in Security Advisories & Alerts
No Comments
1336

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild.

CVE-2020-11651:

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

CVE-2020-11652:

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

For more information , please visit following URL:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://docs.saltstack.com/en/latest/topics/releases/3000.2.html


Reference:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://docs.saltstack.com/en/latest/topics/releases/3000.2.html
https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/

Share

Recommended Posts