Top
image credit: Pixabay

Salt Bugs Allow Full RCE as Root on Cloud Servers

April 30, 2020

Category:

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently.

According to F-Secure researchers, the framework, authored by the company SaltStack but also used as an open-source configuration tool to monitor and update the state of servers, has a pair of flaws within its default communications protocol, known as ZeroMQ.

Read More on Threat Post