Описание
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 7.58.0-2ubuntu3.24+esm7 |
| esm-infra/focal | released | 7.68.0-1ubuntu2.25+esm2 |
| esm-infra/xenial | not-affected | code not present |
| jammy | released | 7.81.0-1ubuntu1.22 |
| noble | released | 8.5.0-2ubuntu10.7 |
| plucky | not-affected | code not compiled |
| questing | not-affected | code not compiled |
| upstream | released | 8.18.0-1 |
Показывать по
EPSS
3.1 Low
CVSS3
Связанные уязвимости
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
When doing SSH-based transfers using either SCP or SFTP, and asked to ...
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
Уязвимость программного средства для взаимодействия с серверами cURL, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
EPSS
3.1 Low
CVSS3