Overview

CVE-2018-6517 - Improper handling of ssh known_hosts file with Chloride

  • Posted March 8, 2019

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 5.0

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
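Added example (not chloride's or net-ssh's code): a Ruby sketch contrasting a read-only known_hosts lookup, which reports an unknown host to the caller and leaves the file untouched, with the silent-append behaviour described above. The function names, host names and key blobs are constructed for illustration, and what the caller does with an :unknown result is left open.

```ruby
require "openssl"
require "tempfile"
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA" # constructed placeholder, not a real key
KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB" # constructed placeholder, not a real key

# Match a known_hosts host field: plain list or hashed "|1|salt|hmac" (no wildcards or @markers).
def host_field_matches?(field, host)
  return field.split(",").include?(host) unless field.start_with?("|1|")
  _, _, salt, digest = field.split("|")
  return false if salt.to_s.empty? || digest.nil?
  [OpenSSL::HMAC.digest("SHA1", salt.unpack1("m"), host)].pack("m0") == digest
end

# Read-only lookup: :match, :mismatch or :unknown. Never writes to the file.
def check_host_key(path, host, key_type, key_b64)
  result = :unknown
  File.foreach(path) do |line|
    fields = line.split
    next if fields.length < 3 || fields[0].start_with?("#", "@")
    next unless host_field_matches?(fields[0], host) && fields[1] == key_type
    return :match if fields[2] == key_b64
    result = :mismatch
  end
  result
end

# Affected-version behaviour per the advisory: an unknown key is appended with no confirmation.
def record_silently(path, host, key_type, key_b64)
  status = check_host_key(path, host, key_type, key_b64)
  File.open(path, "a") { |f| f.puts "#{host} #{key_type} #{key_b64}" } if status == :unknown
  status
end

# Runs both policies against a constructed known_hosts file and returns the results.
def demo
  Tempfile.create("known_hosts") do |f|
    salt = "constructed-salt"
    mac = [OpenSSL::HMAC.digest("SHA1", salt, "db01.example.test")].pack("m0")
    f.puts "build01.example.test ssh-ed25519 #{KEY_A}"
    f.puts "|1|#{[salt].pack('m0')}|#{mac} ssh-ed25519 #{KEY_A}"
    f.flush
    before = File.read(f.path)
    read_only = check_host_key(f.path, "new.example.test", "ssh-ed25519", KEY_B)
    unchanged = File.read(f.path) == before
    silent = record_silently(f.path, "new.example.test", "ssh-ed25519", KEY_B)
    [check_host_key(f.path, "db01.example.test", "ssh-ed25519", KEY_A), read_only, unchanged,
     silent, check_host_key(f.path, "new.example.test", "ssh-ed25519", KEY_B)]
  end
end
```

After record_silently runs once, the second lookup for the same host returns :match, so a key that nobody confirmed is trusted from then on.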

Status:

Affected software versions:

  • chloride prior to 0.3.0

Resolved in:

  • chloride 0.3.0