CVE-2024-4871

Name of the Vulnerable Software and Affected Versions Satellite (affected versions not specified)

Description A vulnerability was found in Satellite where the host's SSH key is not being checked when running a remote execution job on a host. This is due to the use of "-o StrictHostKeyChecking=no", which allows the Satellite to connect to the host even when the SSH key changes. This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.