Security Issues: CVE-2020-11651 and CVE-2020-11652

Just wanted to make sure the AutoPi team was aware of the CVEs recently disclosed by SaltStack at https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/

These vulnerabilities have been seen exploited in the wild and primarily are affecting the master servers but do give access to the minions. This requires updating to the releases provided on April 29th. I have not seen any community announcements stating these updates have been applied.

Hi @Zaf9670,

Thank you for reporting this.

We are very much aware of this and all our servers are secured from this vulnerability in salt. We’ve already, prior to this, taken measures to ensure that this kind of attack is not possible on our servers, by applying all needed patches, but also closing down the entry used in the CVE.

Best
Peter
