SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2023:4412-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4412-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has instead...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2023:4388-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4388-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has...
AsyncSSH Rogue Session Attack
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...
AsyncSSH Rogue Extension Negotiation
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...
CVE-2023-45140
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...
Authorization
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...
CVE-2023-45140 Group-based JIT MFA bypass on scp and sftp in The Bastion
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...
CVE-2023-45140
CVE-2023-45140 describes a bypass in The Bastion where SCP/SFTP plugins do not honor group-based JIT MFA, allowing a group access with MFA enforced to establish a connection without an extra factor. This affects per-group-based JIT MFA; Immediate MFA, per-plugin JIT MFA, and per-account JIT MFA a...
Fedora 37 : salt (2023-89e8f3efc5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-89e8f3efc5 advisory. Fix for CVE-2023-34049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Moderate: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
libssh: authorization bypass in pki_verify_data_signature
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update
An update for cloud-init is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: cloud-init security, bug fix, and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: TELNET option IAC injection CVE-2023-27533 curl: SFTP...
Fedora 39 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-31d5d51a2d)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-31d5d51a2d advisory. - Update python-cryptography to 41.0.3, https://cryptography.io/en/latest/changelog/ - Security fix for CVE-2023-3832 SSH certificate encoding/parsi...
ALSA-2023:6679 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: TELNET option IAC injection CVE-2023-27533 curl: SFTP...
ALSA-2023:6371 Moderate: cloud-init security, bug fix, and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...
ALSA-2023:6643 Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference during rekeying with algorithm guessing CVE-2023-1667 libssh: authorization bypass in pki_verify_data_signature CVE-2023-2283 For more...