An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in a Salt-SSH roster.
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in a Salt-SSH roster.
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2019.2.6.patch