CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
10.7%
Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair
Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did
not work as expected. A remote attacker could possibly use this issue to
determine timing information about keystrokes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 24.04 | noarch | openssh-client | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-client-dbgsym | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-server | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-server-dbgsym | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-sftp-server | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-sftp-server-dbgsym | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-tests | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | openssh-tests-dbgsym | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | ssh | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |
Ubuntu | 24.04 | noarch | ssh-askpass-gnome | < 1:9.6p1-3ubuntu13.4 | UNKNOWN |