9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.2%
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Until version 2.1.0, the code affected by this vulnerability appeared in org.apache.sshd:sshd-core
. Version 2.1.0 contains a commit where the code was moved to the package org.apache.sshd:sshd-common
, which did not exist until version 2.1.0.
CPE | Name | Operator | Version |
---|---|---|---|
org.apache.sshd:sshd-core | lt | 2.1.0 | |
org.apache.sshd:sshd-common | lt | 2.9.2 |
github.com/advisories/GHSA-fhw8-8j55-vwgq
github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32
github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5
nvd.nist.gov/vuln/detail/CVE-2022-45047
www.mail-archive.com/[email protected]/msg39312.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.2%