CVE-2018-6517
N/A
N/A
Summary
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Puppet | Chloride | prior to 0.3.0 | affected |
Weaknesses
- Improper handling of known_hosts file
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.