New vulnerabilities make exposed Salt hosts easy targets
Helsinki, Finland – April 30, 2020: “Patch by Friday or compromised by Monday,” warns F-Secure Principal Consultant Olle Segerdahl . “That’s how I’d describe the dilemma facing admins who have their Salt master hosts exposed to the internet.” Segerdahl's warning is a reference to new Salt vulnerabilities (CVE-2020-11651 and CVE-2020-11652) disclosed earlier today in an F-Secure Labs advisory . Salt is open-source software that organizations use to maintain data centers and cloud environments.