Описание
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 7.58.0-2ubuntu3.24+esm7 |
| esm-infra/focal | released | 7.68.0-1ubuntu2.25+esm2 |
| esm-infra/xenial | not-affected | code not present |
| jammy | released | 7.81.0-1ubuntu1.22 |
| noble | released | 8.5.0-2ubuntu10.7 |
| plucky | not-affected | code not compiled |
| questing | not-affected | code not compiled |
| upstream | released | 8.18.0-1 |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
When doing SSH-based transfers using either SCP or SFTP, and setting t ...
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
Уязвимость библиотеки libcurl программного средства для взаимодействия с серверами cURL, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
EPSS
5.3 Medium
CVSS3