PT-2019-11025 · Chloride · Chloride

Published

2019-03-17

Updated

2019-10-03

CVE-2018-6517

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: chloride versions prior to 0.3.0

Description: The issue concerns the handling of host fingerprints for previously unknown hosts. Without proper confirmation, host fingerprints were added to the user's known hosts file. This behavior has been updated in version 0.3.0 to prevent the user's known hosts file from being updated by chloride.

Recommendations: For versions prior to 0.3.0, update to version 0.3.0 or later to prevent the user's known hosts file from being updated without confirmation.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2018-6517

GHSA-573X-JHQH-JG36

Affected Products

Chloride

PT-2019-11025 · Chloride · Chloride

CVE-2018-6517

Weakness Enumeration

Related Identifiers

Affected Products

References · 6