SaltStack Patches Critical Vulnerabilities in Salt (CVE-2020-11651 AND CVE-2020-11652)

CVE number – CVE-2020-11651 AND CVE-2020-11652

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. 

Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild.

If you are running the latest supported versions of Salt (3000.x and 2019.x):

Visit https://repo.saltstack.com to download and install the new CVE release package. Instructions are provided to configure your operating system’s package manager for the latest Salt version, or you have the option to download the latest Salt package directly as a Python Module here:

If you are running an earlier version of Salt:

If you are on an earlier, unsupported version of Salt we strongly recommend you update your Salt Masters to the 2019.2.4 release or the 3000.2 release.

If you are not able to upgrade to the latest supported version of Salt immediately, patches for Salt 2015.8.x, 2016.3.x, 2016.11.x, 2017.7.x and 2018.3.x are available via the SaltStack Enterprise Knowledge Base.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: