Vulnerabilities > Puppet > Chloride > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-6517 Improper Certificate Validation vulnerability in Puppet Chloride
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation.
network
low complexity
puppet CWE-295
7.5