Critical Vulnerability in Data Centre Configuration Tool Gives “Full Remote Command Execution as Root”

Two critical vulnerabilities in the software of the open source Salt project have been awarded the highest possible CVSS score of 10 — with security company F-Secure today warning that “we expect that any competent hacker will be able to create 100 percent reliable exploits for these issues in under 24 hours.” The “Salt” management framework by the company SaltStack is widely used as a configuration tool to manage servers in data centres, including in cloud environments. The vulnerabilities, in Salt master versions 3001 and earlier, were patched yesterday by SaltStack, but F-Secure has warned that over 6,000 instances of this service are exposed to the public Internet and are likely not configured to automatically update the Salt software packages.

Read full article on CBR – CyberSecurity News

 

