In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
References
Configurations
History
21 Nov 2024, 08:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory | |
References | () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240105-0005/ - Third Party Advisory | |
References | () https://support.apple.com/kb/HT214084 - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5586 - Third Party Advisory | |
References | () https://www.openssh.com/txt/release-9.6 - Release Notes | |
References | () https://www.openwall.com/lists/oss-security/2023/12/18/2 - Mailing List, Release Notes |
16 May 2024, 20:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory | |
References | () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240105-0005/ - Third Party Advisory | |
References | () https://support.apple.com/kb/HT214084 - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5586 - Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
13 Mar 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch | |
References | () https://www.openwall.com/lists/oss-security/2023/12/18/2 - Mailing List, Release Notes | |
References | () https://www.openssh.com/txt/release-9.6 - Release Notes |
19 Dec 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-18 19:15
Updated : 2024-11-21 08:37
NVD link : CVE-2023-51384
Mitre link : CVE-2023-51384
CVE.ORG link : CVE-2023-51384
JSON object : View
Products Affected
debian
- debian_linux
openbsd
- openssh
CWE