9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
46.7%
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the
intended per-hop destination constraints. The earliest affected version is
8.9.
Author | Note |
---|---|
Priority reason: Only affects configurations using agent forwarding, smartcard keys, and per-hop destination constraints. Policy bypass only. | |
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
sbeattie | introduced in openssh 8.9 |