Our virtual user conference SaltConf21 will be November 3-4! Call for Speakers will be open June 14 - July 26.

2020-OCT-30 SALTSTACK CVE – CRITICAL UPDATE

Three related critical vulnerabilities have been discovered in Salt versions 3002 and earlier.

Two of these vulnerabilities are expected to be rated as high/critical and the other is expected to be low based on the Common Vulnerability Scoring System (CVSS). Once SaltStack became aware of the vulnerabilities, we quickly took actions to remediate them.

We are preparing a CVE release to be available on Tuesday, November 3rd at 10:00 MST. The CVE packages will be available for 3002.1, 3001.3, and 3000.5 and patches for older versions.

Read more.