CVE-2018-6517

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
References
Link Resource
https://puppet.com/security/cve/CVE-2018-6517 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:puppet:chloride:*:*:*:*:*:*:*:*

Information

Published : 2019-03-21 04:00

Updated : 2019-10-03 12:03


NVD link : CVE-2018-6517

Mitre link : CVE-2018-6517

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation