The Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. Researchers say the bugs are easy to exploit and will likely be weaponized within a day. In-the-wild attacks are expected imminently, F-Secure researchers say. The bugs are especially dangerous given the topography of the Salt framework, which is managed by SaltStack. The firm says it expects to see that any competent hacker will be able to exploit these issues in the wild within 24 hours.
Source: https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/