Advisory Published

saltproject-2021-01-29-advisory: Active Salt CVE Announcement - 2021-JAN-21

First published: Fri Jan 29 2021

Several critical vulnerabilities have been discovered in Salt. These affect versions 3002 and earlier. For most of these, we expect the Common Vulnerability Scoring System (CVSS) rating to be high or critical. We quickly took action to remediate once made aware of the vulnerabilities.

We are preparing a CVE release to be generally available on Thursday, February 4th around noon MST. The CVE packages will be available for 3002.3, 3001.5, and 3000.7, along with patches for older versions. The release will contain only the patches needed to resolve and remediate the identified vulnerabilities.

We recommend reviewing the article Hardening Salt to ensure you are actively following SaltStack's best practices for securing your Salt environment. These practices ensure you are safeguarded. We advise applying the CVE release as soon as it is available. Please contact us at saltproject-security.pdl@broadcom.com if you have any questions or comments.

Affected Software | Affected Version | How to fix
SaltStack Salt | |
