Bleeping Computer

SaltStack reveals new critical vulnerabilities, patch now

SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today. Salt is an open-source IT infrastructure management ...
ZDNet

SaltStack revises partial patch for command injection, privilege escalation vulnerability

The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...
Bleeping Computer

Hackers exploit Salt RCE bugs in widespread attacks, PoCs public

Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation. Among the organizations that announced an intrusion are ...