Lucene search

GitHub Advisory DatabaseGHSA-F22J-37JJ-CXW9

HistoryMay 17, 2022 - 4:58 a.m.

SaltStack MITM SSH attack in salt-ssh

2022-05-1704:58:29

CWE-20

GitHub Advisory Database

github.com

saltstack

ssh

mitm

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.6%

JSON

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

Affected configurations

Vulners

Node

saltMatch0.17.0

VendorProductVersionCPE
*salt0.17.0cpe:2.3:a:*:salt:0.17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	salt	0.17.0	cpe:2.3:a::salt:0.17.0:::::::

References

docs.saltstack.com/topics/releases/0.17.1.html

www.openwall.com/lists/oss-security/2013/10/18/3

github.com/advisories/GHSA-f22j-37jj-cxw9

nvd.nist.gov/vuln/detail/CVE-2013-4436

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.6%

JSON

Related for GHSA-F22J-37JJ-CXW9