CVE-2018-6517

Name: CVE-2018-6517
Creator: NVD / NIST
Published: 2019-03-21T16:00:56.483+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.89%

Last modified Jun 17, 2026

CVE-2018-6517 is a vulnerability of currently unknown severity. Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.. EPSS estimates a 0.89% chance of exploitation in the next 30 days.

Description

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.

Metrics

EPSS Probability

0.89%

54.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

Affected Software

Vendor	Product	Versions
Puppet	Chloride	< 0.3.0

References

https://puppet.com/security/cve/CVE-2018-6517Third Party Advisory
https://puppet.com/security/cve/CVE-2018-6517Third Party Advisory

Timeline

Published: Mar 21, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-6517?

How severe is CVE-2018-6517?

Severity scoring for CVE-2018-6517 is pending analysis. The EPSS model estimates a 0.89% probability of exploitation in the next 30 days.

How do I fix CVE-2018-6517?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6517?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST