CVE-2018-6517

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6517

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6517.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6517

Aliases

GHSA-573x-jhqh-jg36

Published

2019-03-21T16:00:56Z

Modified

2024-09-03T02:15:50.024697Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's knownhosts file without confirmation. In version 0.3.0 this is updated so that the user's knownhosts file is not updated by chloride.

References

https://puppet.com/security/cve/CVE-2018-6517

Affected packages

Git / github.com/puppetlabs/chloride

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/chloride
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e449530bbcc3d39e53c39383e430e27a82baa35a

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.2.2

0.2.3