feat(SAAS-28151 + SAAS-28108): remove unsupported code start plugins …

…+ fix all open salt severity to critical
aquasecurity · Feb 27, 2025 · 556052f · 556052f
1 parent 7358797
commit 556052f
Show file tree

Hide file tree

Showing 9 changed files with 5 additions and 351 deletions.
diff --git a/plugins/alibaba/ecs/openSalt.js b/plugins/alibaba/ecs/openSalt.js
@@ -5,7 +5,7 @@ module.exports = {
     title: 'Open Salt',
     category: 'ECS',
     domain: 'Compute',
-    severity: 'Medium',
+    severity: 'Critical',
     description: 'Ensure that security groups does not have TCP ports 4505 or 4506 for the Salt master open to the public.',
     more_info: 'Active Salt vulnerabilities, CVE-2020-11651 and CVE-2020-11652 are exploiting Salt instances exposed to the internet. These ports should be closed immediately.',
     link: 'https://www.alibabacloud.com/help/doc-detail/25471.htm',

diff --git a/plugins/aws/codestar/codestarHasTags.js b/plugins/aws/codestar/codestarHasTags.js
diff --git a/plugins/aws/codestar/codestarHasTags.spec.js b/plugins/aws/codestar/codestarHasTags.spec.js
diff --git a/plugins/aws/codestar/codestarValidRepoProviders.js b/plugins/aws/codestar/codestarValidRepoProviders.js
diff --git a/plugins/aws/codestar/codestarValidRepoProviders.spec.js b/plugins/aws/codestar/codestarValidRepoProviders.spec.js
diff --git a/plugins/aws/ec2/openSalt.js b/plugins/aws/ec2/openSalt.js
@@ -5,7 +5,7 @@ module.exports = {
     title: 'Open Salt',
     category: 'EC2',
     domain: 'Compute',
-    severity: 'High',
+    severity: 'Critical',
     description: 'Determine if TCP ports 4505 or 4506 for the Salt master are open to the public',
     more_info: 'Active Salt vulnerabilities, CVE-2020-11651 and CVE-2020-11652 are exploiting Salt instances exposed to the internet. These ports should be closed immediately.',
     link: 'https://help.saltstack.com/hc/en-us/articles/360043056331-New-SaltStack-Release-Critical-Vulnerability',

diff --git a/plugins/azure/networksecuritygroups/openSalt.js b/plugins/azure/networksecuritygroups/openSalt.js
@@ -5,7 +5,7 @@ module.exports = {
     title: 'Open Salt',
     category: 'Network Security Groups',
     domain: 'Network Access Control',
-    severity: 'Medium',
+    severity: 'Critical',
     description: 'Determine if TCP ports 4505 or 4506 for the Salt master are open to the public',
     more_info: 'Active Salt vulnerabilities, CVE-2020-11651 and CVE-2020-11652 are exploiting Salt instances exposed to the internet. These ports should be closed immediately.',
     link: 'https://help.saltstack.com/hc/en-us/articles/360043056331-New-SaltStack-Release-Critical-Vulnerability',

diff --git a/plugins/google/vpcnetwork/openSalt.js b/plugins/google/vpcnetwork/openSalt.js
@@ -5,7 +5,7 @@ module.exports = {
     title: 'Open Salt',
     category: 'VPC Network',
     domain: 'Network Access Control',
-    severity: 'High',
+    severity: 'Critical',
     description: 'Determine if TCP ports 4505 or 4506 for the Salt master are open to the public',
     more_info: 'Active Salt vulnerabilities, CVE-2020-11651 and CVE-2020-11652 are exploiting Salt instances exposed to the internet. These ports should be closed immediately.',
     link: 'https://help.saltstack.com/hc/en-us/articles/360043056331-New-SaltStack-Release-Critical-Vulnerability',

diff --git a/plugins/oracle/networking/openSalt.js b/plugins/oracle/networking/openSalt.js
@@ -5,7 +5,7 @@ module.exports = {
     title: 'Open Salt',
     category: 'Networking',
     domain: 'Network Access Control',
-    severity: 'Medium',
+    severity: 'Critical',
     description: 'Determine if TCP ports 4505 or 4506 for the Salt master are open to the public',
     more_info: 'Active Salt vulnerabilities, CVE-2020-11651 and CVE-2020-11652 are exploiting Salt instances exposed to the internet. These ports should be closed immediately.',
     recommended_action: 'Restrict TCP ports 4505 and 4506 to known IP addresses',