Get a Pentest and security assessment of your IT network.

Cyber Security

SaltStack reveals new critical vulnerabilities, patch now

SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today. Salt is an open-source IT infrastructure management solution written in Python that is widely used by data centers around the world. The three vulnerabilities disclosed today are as follows, with their severity mentioned in the parentheses: CVE-2020-16846 (High/Critical) is a shell injection vulnerability in Salt API that was patched by removing the `shell=True` option when calling “subprocess.call”” via the SSH client.”

Source: https://www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation