Description
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1:0.0~git20170629.0.5ef0053-2 |
| cosmic | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| devel | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| disco | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| eoan | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| esm-apps/bionic | not-affected | 1:0.0~git20170629.0.5ef0053-2 |
| esm-apps/focal | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| esm-apps/jammy | not-affected | 1:0.0~git20180614.a8fb68e-1 |
| esm-apps/noble | not-affected | 1:0.0~git20180614.a8fb68e-1 |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | ignored | code not used |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [code not used]] |
| esm-infra/bionic | ignored | code not used |
| esm-infra/focal | ignored | code not used |
| esm-infra/xenial | ignored | code not used |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
EPSS
CVSS2: 6.8 Medium
CVSS3: 8.1 High
Related vulnerabilities
The Go SSH library (x/crypto/ssh) by default does not verify host keys ...
golang.org/x/crypto/ssh Man-in-the-Middle attack
Vulnerability in the SSH library (x/crypto/ssh) of the Go programming language that allows an attacker to perform a man-in-the-middle attack