CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 9.8%
OpenSSH is vulnerable to Improper Authentication. Destination constraints specified when adding PKCS#11-hosted private keys are applied incompletely: if the PKCS#11 token returns multiple keys, the constraints are applied only to the first key.
seclists.org/fulldisclosure/2024/Mar/21
github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
secdb.alpinelinux.org/v3.17/main.yaml
security.netapp.com/advisory/ntap-20240105-0005/
support.apple.com/kb/HT214084
www.debian.org/security/2023/dsa-5586
www.openssh.com/txt/release-9.6
www.openwall.com/lists/oss-security/2023/12/18/2