CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AI Score Confidence | High |
EPSS Percentile | 9.8% |

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be
incompletely applied. When destination constraints are specified during
addition of PKCS#11-hosted private keys, these constraints are only applied
to the first key, even if a PKCS#11 token returns multiple keys.

Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | destination constraints were added in 8.9 |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | openssh | < 1:8.9p1-3ubuntu0.6 | UNKNOWN |
ubuntu | 23.04 | noarch | openssh | < 1:9.0p1-1ubuntu8.7 | UNKNOWN |
ubuntu | 23.10 | noarch | openssh | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
ubuntu | 24.04 | noarch | openssh | < 1:9.6p1-3ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | openssh-ssh1 | < any | UNKNOWN |