SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP! (Security News, May 2020)
Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns.
The vulnerabilities affect all Salt versions prior to 2019.2.4 and 3000.2, the fixed releases for the 2019.2 and 3000 branches, which were released last week.
"Adding network security controls that restrict access to the salt master to known minions, or at least block the wider Internet, would also be prudent as the authentication and authorization controls provided by Salt are not currently robust enough to be exposed to hostile networks," the researchers added.
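Two practical checks follow from the advice above: confirm whether an installed Salt master is still on a release older than 2019.2.4 or 3000.2, and restrict the master's listening ports to known minions. The script below is an added example, not code from SaltStack or from the researchers quoted here. It assumes the master uses Salt's default ZeroMQ ports (4505 for the publisher, 4506 for the request server), that nftables is the host firewall, and it feeds in constructed version strings and minion addresses rather than reading them from a live system; `salt --version` output would need to be trimmed to the bare version number before being passed to `salt_is_vulnerable`.

```shell
#!/bin/sh
# Added example (not SaltStack's own tooling): version check against the fixed
# releases named in the article, plus a generated nftables ruleset that only
# lets known minions reach the master's default ports 4505 and 4506.

# Compare two dotted version strings numerically; prints -1, 0 or 1.
# Missing trailing components count as 0, so "3000" equals "3000.0".
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# Return 0 (true) when the given Salt version predates the fixed release for
# its branch: 3000.2 for the 3000 line, 2019.2.4 for everything older.
# Pre-release suffixes (rc1 etc.) are not handled; this assumes plain X.Y.Z.
salt_is_vulnerable() {
    v="$1"
    major=${v%%.*}
    if [ "$major" -ge 3000 ]; then
        fixed=3000.2
    else
        fixed=2019.2.4
    fi
    [ "$(vercmp "$v" "$fixed")" -lt 0 ]
}

# Print an nftables ruleset that accepts TCP 4505/4506 only from the minion
# addresses/CIDRs given as arguments and drops the ports for everyone else.
# Assumes the default Salt ports and an inet-family filter table.
salt_master_rules() {
    allow=$(printf '%s, ' "$@")
    allow=${allow%, }
    cat <<EOF
table inet filter {
    set salt_minions {
        type ipv4_addr
        flags interval
        elements = { $allow }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr @salt_minions tcp dport { 4505, 4506 } accept
        tcp dport { 4505, 4506 } drop
    }
}
EOF
}

# Constructed demo input: a master still on 3000.1 and two minion networks.
demo_version="3000.1"
if salt_is_vulnerable "$demo_version"; then
    echo "salt $demo_version predates the fixed release: patch now" >&2
fi
salt_master_rules 10.0.10.0/24 10.0.20.15
```

Load the generated ruleset with `nft -f` only after confirming the minion list is complete; a minion left out of the set loses contact with the master rather than failing open.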
"We must reinforce how critical it is that all Salt users patch their systems and follow the guidance we have provided outlining steps for remediation and best practices for Salt environment security. It is equally important to upgrade to the latest versions of the platform and register with support for future awareness of any possible issues and remediations. As the primary maintainers of the Salt Open Project, trusted by the world's largest businesses to automate digital infrastructure operations and security, we take this vulnerability and the security of our platform very seriously. More information about our response and handling of CVEs is available in our Knowledge Base."
"Yesterday, May 3, DigiCert announced that it is deactivating its Certificate Transparency 2 log server after determining that the key used to sign SCTs may have been exposed via critical SALT vulnerabilities. We do not believe the key was used to sign SCTs outside of the CT log's normal operation, though as a precaution, CAs that received SCTs from the CT2 log after May 2 at 5 p.m. U.S. Mountain Daylight Time should receive an SCT from another trusted log," a DigiCert spokesperson told Help Net Security.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/IMQ7IiY7TpI/