Описание
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
Ссылки
- Vendor AdvisoryPatch
- Vendor Advisory
- ExploitThird Party AdvisoryIssue Tracking
- Mailing ListThird Party AdvisoryPatch
Уязвимые конфигурации
EPSS
3.1 Low
CVSS3
Дефекты
Связанные уязвимости
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
When doing SSH-based transfers using either SCP or SFTP, and asked to ...
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
Уязвимость программного средства для взаимодействия с серверами cURL, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
EPSS
3.1 Low
CVSS3