SaltStack reveals new critical vulnerabilities, patch now
SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today.
While the vulnerabilities were disclosed today, it is worth noting that fixes for all three vulnerabilities were committed and disclosed to GitHub much earlier.
The advance partial disclosure on these critical vulnerabilities is a cautious move on SaltStack's part given the widespread attacks that had hit vulnerable Salt instances earlier this year.
"Two of these vulnerabilities are expected to be rated as high/critical and the other is expected to be low based on the Common Vulnerability Scoring System. Once SaltStack became aware of the vulnerabilities, we quickly took actions to remediate them," stated the October 30th advisory.
The company has also made patches available for older versions, such as 2019.x. Beyond patching for new vulnerabilities that may be discovered from time to time, SaltStack has provided some tips on how to harden your Salt instances.