Lucene search

21 matches found

ATTACKERKB
added 2026/05/13 3:40 p.m. · 3 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...

7.4 CVSS · 6 AI score · 0.00016 EPSS
Exploits 0 · References 2 · Affected Software 1

Oracle linux
added 2026/05/05 12:0 a.m. · 5 views

openssh security update

8.0p1-29.0.1 - Update upstream references Orabug: 36587718 8.0p1-29 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode Resolves: RHEL-164743 - CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions Resolves:...

8.1 CVSS · 6 AI score · 0.00058 EPSS
Exploits 0

Vulnrichment
added 2026/04/09 9:32 p.m. · 4 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0 · References 1

Cvelist
added 2026/04/09 9:32 p.m. · 16 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7 CVSS · 0.00044 EPSS
Exploits 0 · References 1

CVE
added 2026/04/09 9:32 p.m. · 6 views

CVE-2025-13914

CVE-2025-13914 concerns Juniper Networks Apstra SSH host key validation, described as a Key Exchange without Entity Authentication vulnerability. The issue enables an unauthenticated attacker to perform a man-in-the-middle attack on SSH connections from Apstra to managed devices, allowing imperso...

8.7 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/04/09 9:32 p.m. · 2 views

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/04/09 12:0 a.m. · 5 views

PT-2026-31796

Name of the Vulnerable Software and Affected Versions: Juniper Networks Apstra versions prior to 6.1.1 Description: A Key Exchange without Entity Authentication issue exists in the SSH implementation of Juniper Networks Apstra. This allows an unauthenticated, man-in-the-middle (MITM) attacker to...

8.7 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2025/06/04 5:15 p.m. · 0 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7 CVSS · 5.8 AI score · 0.00109 EPSS
Exploits 0 · References 2 · Affected Software 2

OSV
added 2025/06/04 5:15 p.m. · 1 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7 CVSS · 5.8 AI score
Exploits 0 · References 1

CVE
added 2025/06/04 4:17 p.m. · 74 views

CVE-2025-20163

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by an SSH host key validation issue that enables unauthenticated, remote MITM-style impersonation of NDFC-managed devices, potentially allowing credential interception. Root cause: insufficient SSH host key validation in NDFC’s SSH implem...

8.7 CVSS · 7 AI score · 0.00109 EPSS
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/05/22 4:1 p.m. · 6 views

CVE-2020-2185

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...

6.8 CVSS · 6.8 AI score · 0.001 EPSS
Exploits 0

Veracode
added 2024/05/06 4:53 a.m. · 14 views

Man-in-the-Middle (MITM)

Salt vulnerable to Man-in-the-Middle (MITM). The vulnerability is due to the absence of SSH host key validation in the default configuration of salt-ssh, which can be exploited by attackers to carry out man-in-the-middle attacks...

9.3 CVSS · 6.6 AI score · 0.00711 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/07/12 6:30 p.m. · 14 views

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

4.8 CVSS · 3.9 AI score · 0.00119 EPSS
Exploits 0 · References 3

Github Security Blog
added 2023/07/12 6:30 p.m. · 26 views

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

3.7 CVSS · 6.4 AI score · 0.00119 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-26195 · Oracle +1 · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Plugin versions 1.0.16 and earlier Description: The issue concerns the lack of SSH host key validation when connecting to OCI clouds, which could enable man-in-the-middle attacks. This allows for th...

4.8 CVSS · 3.7 AI score · 0.00119 EPSS
Exploits 0 · References 6

RustSec
added 2023/01/12 12:0 p.m. · 35 views

git2 Rust package suppresses ssh host key checking

By default, when accessing an ssh repository (i.e. via an ssh: git repository URL) the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for an application to do meaningful checking itself. Impact: When connecting to an ssh repository, and when an...

5.9 CVSS · 5.6 AI score · 0.00149 EPSS
Exploits 0 · Affected Software 1

Github Security Blog
added 2022/05/24 5:17 p.m. · 23 views

Missing SSH host key validation in Jenkins Amazon EC2 Plugin

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not use SSH host key validation when connecting to agents. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Jenkins Amazon EC2 Plugin 1.50.2 provides strategies for performing...

6.8 CVSS · 5.4 AI score · 0.001 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/24 5:17 p.m. · 23 views

GHSA-Q8QQ-2P5P-RG44 Missing SSH host key validation in Jenkins Amazon EC2 Plugin

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not use SSH host key validation when connecting to agents. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Jenkins Amazon EC2 Plugin 1.50.2 provides strategies for performing...

5.6 CVSS · 5.3 AI score · 0.001 EPSS
Exploits 0 · References 5

OSV
added 2022/05/24 5:10 p.m. · 15 views

GHSA-RV9G-67F7-GRQ7 Missing SSH host key validation in Mac Plugin

Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Mac Plugin 1.2.0 validates SSH host keys when...

6.8 CVSS · 7.3 AI score · 0.00034 EPSS
Exploits 0 · References 5

Positive Technologies
added 2020/05/06 12:0 a.m. · 1 views

PT-2020-15399 · Jenkins · Jenkins Amazon Ec2 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: The issue concerns a lack of SSH host key validation when connecting agents, which could enable man-in-the-middle attacks to intercept connections to build agents. This could...

6.8 CVSS · 5.4 AI score · 0.001 EPSS
Exploits 0 · References 6