Lucene search

Redhat.comRH:CVE-2019-0816

HistoryMar 13, 2019 - 10:50 a.m.

CVE-2019-0816

2019-03-1310:50:30

redhat.com

access.redhat.com

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka ‘Azure SSH Keypairs Security Feature Bypass Vulnerability’.

Mitigation

See steps from <https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm>

References

bugzilla.redhat.com/show_bug.cgi?id=1680165

nvd.nist.gov/vuln/detail/CVE-2019-0816

support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm

www.cve.org/CVERecord?id=CVE-2019-0816

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for RH:CVE-2019-0816