3 matches found
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
Update to bugfix release 0.17.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
CVE-2013-4436
The default configuration for salt-ssh in Salt aka SaltStack 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle MITM attack...
CVE-2013-4436
CVE-2013-4436 concerns SaltStack’s salt-ssh default configuration (Salt 0.17.0) that does not validate the SSH host key, enabling MITM-style impact. Multiple connected sources (GHSA-F22J-37JJ-CXW9, OSV, NVD variant) corroborate the MITM risk but do not provide exploit details. A remediation menti...