Tag
SaltStack
Safeguard articles tagged "SaltStack" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
SaltStack Authentication Bypass Behind Mass Salt-Master E...
CVE-2020-11651 let unauthenticated attackers hijack Salt masters, triggering mass exploitation within days of disclosure. Here is what happened and how to fix it.
Nov 23, 20257 min read
Vulnerability Analysis
SaltStack Directory Traversal Paired With Auth Bypass (CV...
CVE-2020-11652, a directory traversal flaw in SaltStack's salt-master, paired with an auth bypass to enable full remote compromise. Impact, CVSS/KEV context, and fixes.
Nov 23, 20257 min read
Vulnerability Analysis
CVE-2020-11651: Authentication bypass in SaltStack salt-m...
CVE-2020-11651, a critical CVSS 9.8 authentication bypass in SaltStack's salt-master, enabled unauthenticated RCE and fueled real-world attacks on LineageOS, Ghost, and DigiCert.
Oct 1, 20258 min read