In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
12 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 May 2022, 22:01
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
27 Mar 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Mar 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Mar 2022, 15:04
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546 - Exploit, Third Party Advisory | |
References | (MISC) https://www.paramiko.org/changelog.html - Release Notes, Vendor Advisory | |
CWE | CWE-362 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:* |
21 Mar 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-17 22:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-24302
Mitre link : CVE-2022-24302
CVE.ORG link : CVE-2022-24302
JSON object : View
Products Affected
paramiko
- paramiko
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')