Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2013-4436

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

  • Published: Nov 5, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4436
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
saltstack / salt 0.17.0 0.17.0.x