CVE-2018-6517

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
References
Link Resource
https://puppet.com/security/cve/CVE-2018-6517 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:puppet:chloride:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 16:00

Updated : 2024-02-28 17:08


NVD link : CVE-2018-6517

Mitre link : CVE-2018-6517

CVE.ORG link : CVE-2018-6517


JSON object : View

Products Affected

puppet

  • chloride
CWE
CWE-295

Improper Certificate Validation