Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns.
About SaltStack Salt
Salt is used for configuring, managing and monitoring servers in datacenters and cloud environments.
The Salt installation is the “master” and each server it monitors runs an API agent called a “minion”. The minions send state reports to the master and the master publishes update messages containing instructions/commands to the minions. The communication between the master and its minions is secured (encrypted).
About the vulnerabilities
Discovered by F-Secure researchers, CVE-2020-11651 (an authentication bypass flaw) and CVE-2020-11652 (a directory traversal flaw) ca ..
Support the originator by clicking the read the rest link below.
