2019-03-21 17:00:56 2019-03-25 21:02:59

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Advisory Patch Confirmed Link
https://puppet.com/security/cve/CVE-2018-6517