CVE-2023-51384

Updated: 2024-11-30 03:44:55.999498

Description:

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU openssh 8.7p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26
CentOS 6 ELS openssh 5.3p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26
CentOS 7 ELS openssh 7.4p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26
CentOS 8.4 ELS openssh 8.0p1-6 5.5 MEDIUM Ignored 2023-12-25 08:34:26
CentOS 8.5 ELS openssh 8.0p1-10 5.5 MEDIUM Ignored 2023-12-25 08:34:26
CloudLinux 6 ELS openssh 5.3p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26
Oracle Linux 6 ELS openssh 5.3p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26
Ubuntu 16.04 ELS openssh 7.2p2 5.5 MEDIUM Ignored 2023-12-25 08:34:26
Ubuntu 18.04 ELS openssh 7.6p1 5.5 MEDIUM Ignored 2023-12-25 08:34:26