CVE-2024-34713 sshproxy vulnerable to SSH option injection
sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...
CVE-2024-4871 Foreman: host ssh key not being checked in remote execution
A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects to it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle (MITM) attack, denial of...
CVE-2024-4871
Satellite (Foreman) remote execution vulnerability: when running a remote job, the host SSH key is not checked due to -o StrictHostKeyChecking=no, enabling potential MITM, DoS, and secret leakage. Affected: Red Hat Satellite/Foreman; root cause: SSH key verification disabled in remote execution w...
Red Hat Satellite Security Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...
Mageia: Security Advisory (MGASA-2024-0174)
The remote host is missing an update for the...
RHEL 6 : ssh (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ssh: Prefix truncation attack on the Binary Packet Protocol (BPP) (CVE-2023-48795). Note that Nessus has not tested for this...
RHEL 7 : ssh (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ssh: Prefix truncation attack on the Binary Packet Protocol (BPP) (CVE-2023-48795). Note that Nessus has not tested for this...
RHEL 6 : cloud-init (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896) - cloud-init through...
Citrix Hypervisor Security Update for CVE-2024-31497
Description of Problem Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR included a 3rd-party component, PuTTY, that is used to enable SSH connections from XenCenter to guest VMs when the “Open SSH Console” button is selected. The inclusion of PuTTY with XenCenter for Citrix Hypervisor 8.2...
Improper Authorization
org.jenkins-ci.plugins: git-server is vulnerable to Improper Authorization. The vulnerability is due to improper permission checks for read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git...
Improper Access Control
org.jenkins-ci.plugins: script-security is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks during read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access...
Debian: Security Advisory (DSA-5682-1)
The remote host is missing an update for the Debian...
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...
SUSE: Security Advisory (SUSE-SU-2024:0890-1)
The remote host is missing an update for the...
Man-in-the-Middle (MITM)
Salt is vulnerable to Man-in-the-Middle (MITM) attacks. The vulnerability is due to the absence of SSH host key validation in the default configuration of salt-ssh, which can be exploited by attackers to carry out man-in-the-middle attacks...
CVE-2024-34146
A flaw was found in the Jenkins Git server Plugin, involving inadequate permission validation for reading Git repositories over SSH. Through the manipulation of crafted requests, a malicious actor can attain unauthorized read access to a Git repository over SSH. Subsequently, they could utilize...
GHSA-XH9C-VCF9-H94M Jenkins Git server Plugin does not perform a permission check
Jenkins Git server Plugin 114.v068ac7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories. Git server Plugin...