Skip to content

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9..This CVE has a CVSS3.1 score of 8.4 and a Base Severity of HIGH.

InfoDetails
CVE IDCVE-2023-28531
CVE StatePUBLISHED
BaseScoreNA
BaseSeverityNA
VectorStringNA
VersionNA

References for CVE-2023-28531 :
https://www.openwall.com/lists/oss-security/2023/03/15/8
https://security.netapp.com/advisory/ntap-20230413-0008/
https://security.gentoo.org/glsa/202307-01

Metric TypeMetric Score
AttackVector(AV)NA
AttackComplexity(AC)NA
PrivilegesRequired(PR)NA
UserInteraction(UI)NA
Scope(S)NA
Confidentiality(C)NA
Availability(A)NA
Integrity(I)NA
Tags: