Описание
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | needed | |
| esm-infra/focal | needed | |
| esm-infra/xenial | not-affected | code not present |
| jammy | needed | |
| noble | needed | |
| plucky | not-affected | code not compiled |
| questing | not-affected | code not compiled |
| upstream | pending | 8.18.0-1 |
Показывать по
5.3 Medium
CVSS3
Связанные уязвимости
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
When doing SSH-based transfers using either SCP or SFTP, and setting t ...
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
5.3 Medium
CVSS3