CVE-2013-4436

SaltStack Salt 0.17.0 - Man-in-the-Middle Attack via Unvalidated SSH Host Key

Title source: llm
STIX 2.1

Description

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/18/3
Patch, Vendor Advisory x_refsource_confirm
http://docs.saltstack.com/topics/releases/0.17.1.html

Scores

EPSS 0.0182
EPSS Percentile 76.2%

Details

CWE
CWE-20
Status published
Products (2)
pypi/salt 0.17.0 - 0.17.1PyPI
saltstack/salt 0.17.0
Published Nov 05, 2013
Tracked Since Feb 18, 2026