{"id":"PYSEC-2013-26","details":"The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.","aliases":["CVE-2013-4436","GHSA-f22j-37jj-cxw9"],"modified":"2024-05-01T11:41:33.131860Z","published":"2013-11-05T18:55:00Z","references":[{"type":"WEB","url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.17.0"},{"fixed":"0.17.1"}]}],"versions":["0.17.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2013-26.yaml"}}],"schema_version":"1.7.3"}