Описание
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.
EPSS
Процентиль: 39%
0.00177
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 9.8
github
около 1 года назад
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.
EPSS
Процентиль: 39%
0.00177
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-20