SaltStack multi critical vulnerabilities alert
SaltStack security team issued a risk notice that there are multiple vulnerabilities in SaltStack, the vulnerability number is CVE-2020-11651/CVE-2020-11652, and the vulnerability level is serious.
SaltStack makes software for complex systems management at scale. SaltStack is the company that created and maintains the Salt Open project and develops and sells SaltStack Enterprise software, services and support. Easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with them in seconds.
Salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.
Affected version
- SaltStack:< 2019.2.4
- SaltStack:< 3000.2
We recommend that users install the latest patches in a timely manner.