2 matches found
SUSE CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
PT-2023-1358
Name of the Vulnerable Software and Affected Versions Rust versions prior to 1.66.1 Description The issue is related to the Cargo package manager in Rust, which does not perform SSH host key verification when cloning indexes and dependencies via SSH. This allows an attacker to perform...