SaltStack Shell Injection

By
Nash N Sulthan
Published on
16 Jun 2021
Vulnerability

SaltStack, also known as Salt, is a configuration management and orchestration tool. A critical vulnerability was observed in SaltStack in which shell injection can be triggered by sending maliciously crafted web requests to the Salt API when the SSH client is enabled. It can easily be exploited by an unauthenticated user with network access to the Salt API.

Mitigation / Precaution

To fix this vulnerability, install the official patch that SaltStack has made available for supported, vulnerable instances.


Written by
Nash N Sulthan
Cyber Security Lead Engineer