Automation software slinger SaltStack warns of stop-watching-the-election-and-patch-now bugs
2020-11-04 02:45

SaltStack has officially revealed three bugs in its code - two of them seemingly critical - and told users: "We strongly recommend that you prioritize this update." But the biz appears to have known about the bugs for months and quietly patched them over the summer.

SaltStack offers open-source, Python-based automation tools.

That makes disclosure of the bugs today - US election day - feel a little like trying to hide bad news.

Given that today is full of distractions, it's also not the best way to spread the word of bugs that SaltStack says should be at the top of users' to-do lists.

SaltStack credited Trend Micro's ZDI team for finding a couple of the bugs, and we note that ZDI reported those holes to the vendor in June, making the early November disclosure all the more weird.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/04/saltstack_security/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Saltstack 5 4 17 20 14 55