CVE-2023-28531
Publication date: 17 March 2023
Last updated: 24 July 2024
Ubuntu priority: Low
CVSS 3 severity score: 9.8 (Critical)
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Why is this CVE low priority?
Only affects configurations using agent forwarding, smartcard keys, and per-hop destination constraints. Policy bypass only.
Status
Package | Ubuntu Release | Status |
---|---|---|
openssh | 22.04 LTS jammy | Fixed 1:8.9p1-3ubuntu0.5 |
openssh | 20.04 LTS focal | Not affected |
openssh | 18.04 LTS bionic | Not affected |
openssh | 16.04 LTS xenial | Not affected |
openssh | 14.04 LTS trusty | Not affected |
openssh-ssh1 | 22.04 LTS jammy | Not affected |
openssh-ssh1 | 20.04 LTS focal | Not affected |
openssh-ssh1 | 18.04 LTS bionic | Not affected |
openssh-ssh1 | 16.04 LTS xenial | Not in release |
openssh-ssh1 | 14.04 LTS trusty | Not in release |
Notes
seth-arnold: openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment.
sbeattie: Introduced in openssh 8.9.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 · Critical |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6560-1: OpenSSH vulnerabilities (19 December 2023)