CVE-2013-4436
SaltStack Salt 0.17.0 - Man-in-the-Middle Attack via Unvalidated SSH Host Key
Title source: llmDescription
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/18/3
Patch, Vendor Advisory x_refsource_confirm
http://docs.saltstack.com/topics/releases/0.17.1.html
Scores
EPSS
0.0182
EPSS Percentile
76.2%
Details
CWE
CWE-20
Status
published
Products (2)
pypi/salt
0.17.0 - 0.17.1PyPI
saltstack/salt
0.17.0
Published
Nov 05, 2013
Tracked Since
Feb 18, 2026