Lucene search
HistoryMar 17, 2023 - 4:15 a.m.
CVE-2023-28531
cve-2023-28531
openssh
ssh-add
smartcard keys
vulnerability
ssh-agent
per-hop destination constraints
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.7%
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Affected configurations
Node
openbsdopensshRange8.9–9.3
Node
netappbrocade_fabric_operating_systemMatch-
ORnetapphci_bootstrap_osMatch-
ORnetappsolidfire_element_osMatch-
Related
alpinelinux
alpinelinux
CVE-2023-28531
2023-03-17 04:15:14
nessus
nessus
OpenSSH < 9.3 Multiple Vulnerabilities
2023-03-24 00:00:00
FreeBSD : FreeBSD -- ssh-add does not honor per-hop destination constraints (e31a8f8e-47bf-11ee-8e38-002590c1f29c)
2023-08-31 00:00:00
CBL Mariner 2.0 Security Update: openssh (CVE-2023-28531)
2024-07-03 00:00:00
osv
osv
CVE-2023-28531
2023-03-17 04:15:14
openssh vulnerabilities
2023-12-19 13:02:10
veracode
veracode
Privilege Escalation
2023-06-07 06:26:47
cvelist
cvelist
CVE-2023-28531
2023-03-17 00:00:00
openvas
openvas
Fedora: Security Advisory for openssh (FEDORA-2024-2aac54ebb7)
2024-02-12 00:00:00
OpenBSD OpenSSH 8.9 - 9.2 Unspecified Vulnerability
2023-03-16 00:00:00
Ubuntu: Security Advisory (USN-6560-1)
2023-12-20 00:00:00
prion
prion
Code injection
2023-03-17 04:15:00
cve
cve
CVE-2023-28531
2023-03-17 04:15:14
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:05.openssh
2023-06-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-28531 affecting package openssh 8.9p1-1
2023-06-27 21:25:25
CVE-2023-28531 affecting package openssh for versions less than 8.9p1-5
2024-06-28 17:07:09
freebsd
freebsd
FreeBSD -- ssh-add does not honor per-hop destination constraints
2023-06-21 00:00:00
ubuntucve
ubuntucve
CVE-2023-28531
2023-03-17 00:00:00
debiancve
debiancve
CVE-2023-28531
2023-03-17 04:15:14
f5
f5
K000133517 : OpenSSH vulnerability CVE-2023-28531
2023-04-14 00:00:00
redhatcve
redhatcve
CVE-2023-28531
2023-03-17 12:43:10
redos
redos
ROS-20230911-06
2023-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: openssh-9.0p1-19.fc38
2024-02-12 01:52:39
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0444
2023-08-02 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0018
2023-06-06 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2023-12-19 00:00:00
cloudfoundry
cloudfoundry
USN-6560-1: OpenSSH vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
gentoo
gentoo
OpenSSH: Remote Code Execution
2023-07-20 00:00:00
debian
debian
[SECURITY] [DSA 5586-1] openssh security update
2023-12-22 08:59:42
ibm
ibm
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.7%
Related for NVD:CVE-2023-28531