High severity · NVD Advisory · Published Nov 5, 2013 · Updated Apr 29, 2026
CVE-2013-4436
Description
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| salt (PyPI) | >= 0.17.0, < 0.17.1 | 0.17.1 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- docs.saltstack.com/topics/releases/0.17.1.html (nvd; Patch, Vendor Advisory; WEB)
- github.com/advisories/GHSA-f22j-37jj-cxw9 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-4436 (ghsa; ADVISORY)
- www.openwall.com/lists/oss-security/2013/10/18/3 (nvd; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-26.yaml (ghsa; WEB)