CVE-2018-6517: Improper Certificate Validation

March 21, 2019 (updated October 3, 2019)

Chloride’s use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user’s known_hosts file without confirmation.

References

nvd.nist.gov/vuln/detail/CVE-2018-6517

Code Behaviors & Features

Detect and mitigate CVE-2018-6517 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →