1. CVE-Search
  2. CVE-2023-28531
ID CVE-2023-28531
Summary ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:8.9:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:8.9:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.9:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:8.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.0:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.2:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:9.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:9.2:p1:*:*:*:*:*:*
  • cpe:2.3:o:netapp:solidfire_element_os:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:solidfire_element_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 12-02-2024 - 03:15
Published 17-03-2023 - 04:15
Last modified 12-02-2024 - 03:15
Back to Top