Security Vulnerability Detected
Dependency: paramiko
Criticality: CRITICAL (Score: undefined)
Vulnerability Details
Name: CVE-2018-7750
Description:
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2018-7750\"],\"published\":\"2018-03-13T18:29:00.303\",\"lastModified\":\"2024-11-21T04:12:39.650\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":5.9,\"weaknesses\":[\"CWE-287\"]}"
Security Vulnerability Detected
Dependency:
paramikoCriticality: CRITICAL (Score: undefined)
Vulnerability Details
Name: CVE-2018-7750
Description:
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2018-7750\"],\"published\":\"2018-03-13T18:29:00.303\",\"lastModified\":\"2024-11-21T04:12:39.650\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":5.9,\"weaknesses\":[\"CWE-287\"]}"