Vulnerability Details CVE-2018-6517
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-6517
-
cpe:2.3:a:puppet:chloride:0.1.0
-
cpe:2.3:a:puppet:chloride:0.2.0
-
cpe:2.3:a:puppet:chloride:0.2.1
-
cpe:2.3:a:puppet:chloride:0.2.2
-
cpe:2.3:a:puppet:chloride:0.2.3