CVE Database

CVE-2013-4436

Impact: Low
Public: 2013-09-19
Bugzilla: 1020306: CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 CVE-2013-4438 CVE-2013-4439 CVE-2013-6617 salt: saltstack multiple flaws

Details

The MITRE CVE dictionary describes this issue as:

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

Find out more about CVE-2013-4436 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score are preliminary and subject to review.

Base Score: 2.9
Base Metrics: AV:A/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Adjacent Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform | Errata | Release Date

External References

http://docs.saltstack.com/topics/releases/0.17.1.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.