SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)

 Overview Recently, SaltStack announced three severely critical bugs and has recommended users to prioritize and immediately apply the appropriate patches. Let’s understand all three bugs one by one: CVE-2020-16846 – If SSH client is enabled, sending crafted requests to Salt API results in shell injection. Thus, a client with network access to SaltStack Salt API … Continue reading “SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)”