Critical Vulnerability in Data Centre Configuration Tool Gives “Full Remote Command Execution"

Critical Vulnerability in Data Centre Configuration Tool Gives “Full Remote Command Execution as Root"
April 30, 2020
https://www.cbronline.com/cybersecurity/threats/salt-vulnerability-f-secure/

 

Hackers breach LineageOS servers via unpatched vulnerability
LineageOS source code, OS builds, and signing keys were unaffected, developers said
May 3, 2020
https://www.zdnet.com/article/hackers-breach-lineageos-servers-via-unpatched-vulnerability/

 

Ghost blogging platform servers hacked and infected with crypto-miner
...same vulnerability that allowed hackers to breach LineageOS servers hours before
May 3, 2020
https://www.zdnet.com/article/ghost-blogging-platform-servers-hacked-and-infected-with-crypto-miner/

 

one more victim (DigiCert)
Recent Salt Vulnerabilities Exploited to Hack LineageOS, Ghost, DigiCert Servers
May 4, 2020
https://www.securityweek.com/recent...ploited-hack-lineageos-ghost-digicert-servers

 

Search provider Algolia discloses security incident due to Salt vulnerability
Algolia now joins the ranks of LineageOS, Ghost, Digicert, and Xen Orchestra
May 6, 2020
https://www.zdnet.com/article/searc...-security-incident-due-to-salt-vulnerability/

 

VMware to Patch Recent Salt Vulnerabilities in vROps
May 11, 2020
https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops

 

Cisco discloses security breach that impacted VIRL-PE infrastructure
Hackers used vulnerabilities in the SaltStack data center software to breach six Cisco servers
May 28, 2020
https://www.zdnet.com/article/cisco-discloses-security-breach-that-impacted-virl-pe-infrastructure/

 

Cisco Announces Patches to SaltStack
May 29, 2020
https://www.darkreading.com/vulnera...announces-patches-to-saltstack/d/d-id/1337954

Cisco Releases Security Updates for CML and VIRL-PE

 

SaltStack reveals new critical vulnerabilities, patch now
November 3, 2020
https://www.bleepingcomputer.com/ne...veals-new-critical-vulnerabilities-patch-now/

 

Detailing SaltStack Salt Command Injection Vulnerabilities
November 24, 2020
https://www.zerodayinitiative.com/b...tstack-salt-command-injection-vulnerabilities