GHSA-J7C9-79X7-8HPR step-ca Has Improper Authorization Check for SSH Certificate Revocation
Summary An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token. Details Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate preventing...