Описание
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.17.5+ds-1 |
| esm-infra-legacy/trusty | not-affected | 0.17.5+ds-1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | not-affected | 0.17.5+ds-1 |
| trusty/esm | not-affected | 0.17.5+ds-1 |
| upstream | released | 0.17.1 |
Показывать по
10
EPSS
Процентиль: 72%
0.00711
Низкий
9.3 Critical
CVSS2
Связанные уязвимости
nvd
больше 12 лет назад
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
debian
больше 12 лет назад
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...
EPSS
Процентиль: 72%
0.00711
Низкий
9.3 Critical
CVSS2