EUVD-2018-0134

Malware in sbrugna...

SaltStack 3000 < 3006.12 / 3007 < 3007.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities, including the following: - Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

Hackers Compromise Cisco Servers Via SaltStack Flaws

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier...