An issue has been found in Salt prior to 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the tls execution module, it will not ensure the key was created with the correct permissions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saltstack salt 3001 |
||
saltstack salt |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
Fixes look to have landed in GitHub well ahead of disclosure
SaltStack has officially revealed three bugs in its code – two of them seemingly critical – and told users: “We strongly recommend that you prioritize this update.” But the biz appears to have known about the bugs for months and quietly patched them over the summer. SaltStack offers open-source, Python-based automation tools. It was acquired by VMware in October, and Virtzilla hailed the deal as completing and extending its automation offerings and to help it provide a full-stack offerin...