Vulnerabilities > CVE-2023-51384

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

openbsd

debian

NVD

Published: 2023-12-18

Updated: 2024-05-16

Summary

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Vulnerable Configurations

Part	Description	Count
Application	Openbsd Openbsd Openssh 8.9 Openbsd Openssh 9.0 Openbsd Openssh 9.1 Openbsd Openssh 9.2 Openbsd Openssh 9.3 Openbsd Openssh 9.4 Openbsd Openssh 9.5	15
OS	Debian Debian Debian Linux 11.0 Debian Debian Linux 12.0	2

References

https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
https://www.debian.org/security/2023/dsa-5586
https://security.netapp.com/advisory/ntap-20240105-0005/
https://support.apple.com/kb/HT214084
http://seclists.org/fulldisclosure/2024/Mar/21

Vulnerabilities > CVE-2023-51384 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-51384"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-51384