Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework. The flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Salt is a powerful Python-based automation and remote execution engine that’s designed to allow users to issue commands to multiple machines directly. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues.
Source: https://thehackernews.com/2020/05/saltstack-rce-vulnerability.html