Critical security issue in Salt Stack

May 7, 2020 | By: Marcus Meissner

Security reseachers have identified a critical security vulnerability in the salt stack management framework.

If your salt “master” was reachable over the network by attackers, attackers could inject code into your salt managed hosts. At this time there are already reports of exploits in the wild.

SUSE has released security updates for its salt packages, please update them as soon as possible.

SUSE also recommends putting the salt master behind a firewall or a seperate network.

We described the problem in our TID

CVE pages:

May 10th, 2023

Solving the patching paradox challenge: How important is it to enforce a security policy in a SAP environment

Sebastian Martinez

Feb 24th, 2022

SUSE Linux Enterprise 15 Service Pack 4 Public Beta is out!

Vincent Moutoussamy

Jul 28th, 2023

Step by Step instructions for building a Multiple Architecture openSUSE Leap PXE Server

Erin Quill

Jan 14th, 2022

The Future of Retail is Now

Thomas Helmer

Critical security issue in Salt Stack

Related Articles

Solving the patching paradox challenge: How important is it to enforce a security policy in a SAP environment

SUSE Linux Enterprise 15 Service Pack 4 Public Beta is out!

Step by Step instructions for building a Multiple Architecture openSUSE Leap PXE Server

The Future of Retail is Now

Leave a Reply Cancel reply

Critical security issue in Salt Stack

Related Articles

Solving the patching paradox challenge: How important is it to enforce a security policy in a SAP environment

SUSE Linux Enterprise 15 Service Pack 4 Public Beta is out!

Step by Step instructions for building a Multiple Architecture openSUSE Leap PXE Server

The Future of Retail is Now

Leave a Reply Cancel reply

Business-Critical Linux

Enterprise Container Management

Edge

Solutions

Industries

Support

Services

Resources

Partners

Communities

About