The Salt configuration tool patched two vulnerabilities, through which it was easy to expose the Salt installation to the full control of the attacker. The patch has been released, but unfortunately the systems are not automatic updates so they may still be vulnerable.

https://www.theregister.co.uk/2020/04/30/salt_automation_tool_vulnerable_to/