Tag
configuration-management
Safeguard articles tagged "configuration-management" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
SaltStack Directory Traversal Paired With Auth Bypass (CV...
CVE-2020-11652, a directory traversal flaw in SaltStack's salt-master, paired with an auth bypass to enable full remote compromise. Impact, CVSS/KEV context, and fixes.
Nov 23, 20257 min read
Infrastructure Security
Puppet Forge Supply Chain Security: Trusting Your Configuration Management
Puppet modules from the Forge run with root-level access on your servers. The supply chain security of these modules deserves the same scrutiny as any dependency.
Dec 12, 20235 min read