Critical security issue in Salt Stack | SUSE Communities

Critical security issue in Salt Stack


Security reseachers have identified a critical security vulnerability in the salt stack management framework.

If your salt “master” was reachable over the network by attackers, attackers could inject code into your salt managed hosts. At this time there are already reports of exploits in the wild.

SUSE has released security updates for its salt packages, please update them as soon as possible.

SUSE also recommends putting the salt master behind a firewall or a seperate network.

We described the problem in our TID

CVE pages:


Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet

Avatar photo