SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)

 Overview Recently, SaltStack announced three severely critical bugs and has recommended users to prioritize and immediately apply the appropriate patches. Let’s understand all three bugs one by one: CVE-2020-16846 – If SSH client is enabled, sending crafted requests to Salt API results in shell injection. Thus, a client with network access to SaltStack Salt API … Continue reading “SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)”

Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)

Summary: Amidst the global Pandemic, a serious hacking campaign is currently underway, and several companies have been hacked already., that stands in Fortune 500 companies. For the past 24 hours, hackers have been mass-scanning the internet for Salt, a type of software used as configuration management inside data centers, cloud server clusters, and enterprise networks. … Continue reading “Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)”