Описание
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:saltstack:salt:0.17.0:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00711
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
больше 12 лет назад
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
debian
больше 12 лет назад
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...
EPSS
Процентиль: 72%
0.00711
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20