Описание
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.3.0 (исключая)
cpe:2.3:a:puppet:chloride:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00198
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
EPSS
Процентиль: 42%
0.00198
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-295