Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.
The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2)
Read the original article: Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers