Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Back

---
gem: chloride
date: 2019-03-08
url: https://puppet.com/security/cve/CVE-2018-6517
cve: 2018-6517
title: Improper handling of ssh known_hosts file with Chloride
description: |
  Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints
  for previously unknown hosts getting added to the user's known_hosts file without
  confirmation. In version 0.3.0 this is updated so that the user's known_hosts file
  is not updated by chloride.
cvss_v3: '5.0'
patched_versions:
- ">= 0.3.0"