CVE-2023-28531

Updated: 2024-11-24 05:22:36.080842

Description:

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS openssh 5.3p1 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
CentOS 8.4 ELS openssh 8.0p1-6 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
CentOS 8.5 ELS openssh 8.0p1-10 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
CloudLinux 6 ELS openssh 5.3p1 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
Oracle Linux 6 ELS openssh 5.3p1 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
Ubuntu 16.04 ELS openssh 7.2p2 9.8 CRITICAL Not Vulnerable 2023-03-27 14:04:00
Ubuntu 18.04 ELS openssh 7.6p1 9.8 CRITICAL Not Vulnerable 2023-05-30 08:56:49