Fri. May 29th, 2020

SaltStack multiple critical vulnerabilities alert


The SaltStack security team has issued an advisory for multiple vulnerabilities in Salt, tracked as CVE-2020-11651 and CVE-2020-11652 and rated critical.

SaltStack makes software for managing complex systems at scale. SaltStack is the company that created and maintains the Salt Open project and develops and sells SaltStack Enterprise software, services and support. Salt is easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with them in seconds.

Salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.

CVE-2020-11651 / CVE-2020-11652

Salt contains an authentication bypass vulnerability and a directory traversal vulnerability in the salt-master. A remote, unauthenticated attacker who can reach the master's request port can take control of the master and every minion it manages, and execute arbitrary commands on them.

CVE-2020-11651 is an authentication bypass: the ClearFuncs class in salt-master does not properly validate method calls, so an attacker who sends a specially crafted request can bypass Salt's authentication, retrieve the master's root key and publish commands to all minions.

CVE-2020-11652 is a directory traversal: ClearFuncs exposes methods that do not properly sanitize paths, allowing an attacker to access files outside the intended directories on the salt-master. Chained with CVE-2020-11651, this lets an unauthenticated attacker read sensitive files on the master, causing sensitive information to leak.

Affected version

  • Salt < 2019.2.4 (all earlier releases, including older branches such as 2018.3.x)
  • Salt 3000 < 3000.2
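As an added example (not SaltStack's own tooling), the following script checks whether a Salt version string is affected by CVE-2020-11651 / CVE-2020-11652 using the fixed releases listed above, and pulls the version out of the text that `salt --versions-report` prints. The `SAMPLE_REPORT` text is constructed for illustration; it is not output captured from a real host.

```python
"""Check a Salt version against the fixed releases for
CVE-2020-11651 / CVE-2020-11652 (fixed in 2019.2.4 and 3000.2).

Added example, not SaltStack's own code. SAMPLE_REPORT below is a
constructed excerpt in the shape of 'salt --versions-report' output.
"""
import re

# First fixed release on each branch that was supported at the time
# of the advisory (assumption: no other branch received a fix).
FIXED_2019_2 = (2019, 2, 4)
FIXED_3000 = (3000, 2)


def parse_version(text):
    """Return the numeric components of a Salt version such as
    '2019.2.3', '3000.1' or '3000' as a tuple of ints, ignoring any
    suffix like 'rc1' or a packaging revision such as '+ds-1'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised Salt version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version):
    """True if the given Salt version predates the fix on its branch."""
    v = parse_version(version)
    if v[0] >= 3001:
        # Releases after 3000.2 carry the fix.
        return False
    if v[0] == 3000:
        # '3000' (no patch level) and '3000.1' are affected;
        # tuple comparison makes (3000,) < (3000, 2) true.
        return v < FIXED_3000
    # Everything on the old date-based scheme before 2019.2.4,
    # including unsupported branches like 2018.3.x, is affected.
    return v < FIXED_2019_2


def salt_version_from_report(report):
    """Extract the value of the 'Salt:' line from a versions report."""
    for line in report.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Salt":
            return value.strip()
    raise ValueError("no 'Salt:' line found in versions report")


# Constructed sample of the first section of 'salt --versions-report'.
SAMPLE_REPORT = """\
Salt Version:
           Salt: 3000.1

Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
"""


if __name__ == "__main__":
    # Usage: pipe real output in, e.g.
    #   salt --versions-report | python3 check_salt_cve.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    ver = salt_version_from_report(text)
    status = "VULNERABLE" if is_vulnerable(ver) else "patched"
    print(f"Salt {ver}: {status} (CVE-2020-11651 / CVE-2020-11652)")
```

A version check only tells you the master binary is patched; it does not tell you whether the master's request port was reachable by untrusted hosts while it was unpatched, so treat it as a first pass rather than evidence that no compromise occurred.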

We recommend that users upgrade to Salt 2019.2.4 or 3000.2 (or later) promptly, and restrict network access to the salt-master's publish and request ports (4505 and 4506 by default) to trusted minions only.