Lucene search

GoogleOSV:CVE-2020-24359

HistoryAug 20, 2020 - 5:15 p.m.

CVE-2020-24359

2020-08-2017:15:10

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host’s network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.

CPENameOperatorVersion
vault-ssh-helpereq0.1.3
vault-ssh-helpereq0.1.0
vault-ssh-helpereq0.1.1
vault-ssh-helpereq0.1.6
vault-ssh-helpereq0.1.5
vault-ssh-helpereq0.1.4
vault-ssh-helpereq0.1.2

Name	Operator	Version
vault-ssh-helper	eq	0.1.3
vault-ssh-helper	eq	0.1.0
vault-ssh-helper	eq	0.1.1
vault-ssh-helper	eq	0.1.6
vault-ssh-helper	eq	0.1.5
vault-ssh-helper	eq	0.1.4
vault-ssh-helper	eq	0.1.2

References

github.com/hashicorp/vault-ssh-helper/blob/master/CHANGELOG.md#020-august-19-2020

github.com/hashicorp/vault-ssh-helper/releases

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for OSV:CVE-2020-24359