Lucene search
K

205 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

5.9CVSS5.8AI score0.00868EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.3 views

SUSE CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

7.5CVSS6.8AI score0.00649EPSS
Exploits0References7
OSV
OSV
added 2023/01/24 2:38 p.m.9 views

SUSE-SU-2023:0133-1 Security update for rust1.65

This update for rust1.65 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH bsc1206930...

5.9CVSS5.7AI score0.00649EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/21 12:0 a.m.21 views

Fedora 36 : rust (2023-575fcaf4bf)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-575fcaf4bf advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...

5.9CVSS5.8AI score0.00649EPSS
Exploits0References2
OSV
OSV
added 2023/01/20 11:36 p.m.4 views

GHSA-M4CH-RFV5-X5G3 git2-rs fails to verify SSH keys by default

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...

6.8CVSS5.9AI score0.0058EPSS
Exploits0References6
NVD
NVD
added 2023/01/12 10:15 p.m.13 views

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.7CVSS7.6AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2023/01/12 10:15 p.m.6 views

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.7CVSS5.8AI score0.00376EPSS
Exploits0References1
Prion
Prion
added 2023/01/12 10:15 p.m.13 views

Code injection

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

3.6CVSS7.5AI score0.00376EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2023/01/12 7:36 a.m.42 views

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.3CVSS5.7AI score0.00649EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.5 views

CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.2AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.12 views

CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.6AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 9:15 p.m.6 views

AZL-12969 CVE-2022-46176 affecting package rust for versions less than 1.68.2-1

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS5.7AI score0.00649EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 9:15 p.m.2 views

ALPINE-CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS5.4AI score0.00649EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/01/11 8:7 p.m.37 views

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS5.5AI score0.00649EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/01/11 8:7 p.m.7 views

CVE-2022-46176 Cargo did not verify SSH host keys

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.3CVSS5.7AI score0.00649EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/01/11 8:7 p.m.24 views

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS5.2AI score0.00649EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/01/11 12:0 a.m.55 views

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS6.1AI score0.00649EPSS
Exploits0References3
Hacker One
Hacker One
added 2023/01/07 1:5 a.m.82 views

curl: libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass

Summary: If libcurl is built against libssh CURLOPTSSHHOSTPUBLICKEYSHA256 is quietly ignored. As a result a SSH connection will be established even if the SHA256 key set doesn't match. Steps To Reproduce: 1. configure libcurl with libssh and build it 2. curl --hostpubsha256 HOSTFINGERPRINTHERE...

0.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/12/14 12:0 a.m.7 views

The vulnerability of the SSH Host Key Verification component of the Jenkins Git Client Plugin allows a perpetrator to execute a “man-in-the-middle” type attack.

The vulnerability of the SSH Host Key Verification component in the Jenkins Git Client Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack remotely...

4.8CVSS7.5AI score0.00783EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/23 5:59 p.m.5 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1CVSS7.2AI score0.00783EPSS
Exploits0References6
Rows per page
Query Builder