Critical Vulnerabilities in SaltStack Management Framework

Published on 05 May 2020

Updated on 05 May 2020


Security researchers discovered two critical vulnerabilities (CVE-2020-11651 and CVE-2020-11652) in the SaltStack management framework. SaltStack is open-source software for event-driven IT automation, remote task execution and configuration management that is widely used in data centres and cloud servers. The vulnerabilities could allow an attacker to bypass authentication checks and to perform directory traversal attacks, respectively.


Successful exploitation of these vulnerabilities could allow an attacker to conduct remote command execution with root privileges. All Salt versions prior to 2019.2.4 and 3000.2 are affected.
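As an added example (not part of the original advisory), the following Python script compares reported Salt versions against the fixed releases named above, 2019.2.4 and 3000.2, so an administrator can list which hosts still need the update. It assumes each host reports a string like the output of `salt --version` (e.g. `salt 3000.1`); the host names and version strings below are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases named in the advisory. Salt moved from date-based
# versions (2019.2.x) to a single major number starting with 3000.
FIXED_2019 = (2019, 2, 4)
FIXED_3000 = (3000, 2)


def parse_salt_version(text: str) -> Tuple[int, ...]:
    """Extract a numeric version tuple from strings such as
    'salt 3000.1' or '2019.2.3'. Raises ValueError if none is present."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version_text: str) -> bool:
    """True if the version is older than the fixed release of its line.
    Follows the advisory's wording: everything before 2019.2.4 on the
    date-based line and everything before 3000.2 on the 3000 line."""
    version = parse_salt_version(version_text)
    if version[0] >= 3000:
        # Tuple comparison handles '3000' (no minor) as older than 3000.2.
        return version < FIXED_3000
    return version < FIXED_2019


# Constructed sample inventory: host name -> reported version string.
SAMPLE_REPORT: Dict[str, str] = {
    "master-01": "salt 3000.1",
    "minion-a": "salt 2019.2.4",
    "minion-b": "salt 2019.2.3",
    "minion-c": "salt 3000.2",
}


def hosts_needing_patch(report: Dict[str, str]) -> List[str]:
    """Return the sorted list of hosts still running an affected version."""
    return sorted(host for host, ver in report.items() if is_affected(ver))


if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_REPORT):
        print(f"{host}: {SAMPLE_REPORT[host]} is affected, update required")
```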


Administrators and users of affected products are advised to install the latest security updates immediately. They are also encouraged to enable automatic updates so that future patches are applied promptly.


More information is available at:

https://www.us-cert.gov/ncas/current-activity/2020/05/01/saltstack-patches-critical-vulnerabilities-salt

https://www.zdnet.com/article/saltstack-salt-critical-bugs-allow-data-center-cloud-server-hijacking-as-root/

https://gbhackers.com/saltstack-salt/