Security reseachers have identified a critical security vulnerability in the salt stack management framework.

If your salt “master” was reachable over the network by attackers, attackers could inject code into your salt managed hosts. At this time there are already reports of exploits in the wild.

SUSE has released security updates for its salt packages, please update them as soon as possible.

SUSE also recommends putting the salt master behind a firewall or a seperate network.

We described the problem in our TID

CVE pages:

(Visited 1 times, 1 visits today)

Category: SUSE Linux Enterprise Server, SUSE Manager
This entry was posted Thursday, 7 May, 2020 at 3:18 pm
You can follow any responses to this entry via RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet