Salt Vulnerability Discovered


Cassandra Faris

Apr 23, 2020, 7:32:30 PM
to Salt-users
A critical vulnerability has been discovered in Salt master versions 2019.2 and earlier and Salt 3000 versions before 3000.2. The vulnerability has been rated as critical with a Common Vulnerability Scoring System (CVSS) score of 10.0. Once SaltStack became aware of the vulnerability, we quickly took actions to remediate the vulnerability.

We are preparing to make the patches available on Wednesday, April 29, 2020, which will resolve the issue. Given the critical nature of the vulnerability, we are advising all our users to quickly apply the patches as soon as they are available. More details are in the attached letter and at https://github.com/saltstack/community/blob/master/doc/Community-Message.pdf


Community-Message.pdf

z iz

May 4, 2020, 3:34:01 PM
to Salt-users
Are salt versions 2017.x and 2018.x vulnerable to this exploit?

Cassandra Faris

May 4, 2020, 3:42:41 PM
to salt-...@googlegroups.com
Hello. They are vulnerable to this exploit. We've created patches for those versions as well. You can find patches available for versions all the way back to 2015.8.10 here: https://www.saltstack.com/lp/request-patch-april-2020/. Please let me know if you have any additional questions. 

Cassandra Faris
SaltStack Community Manager
