Vulnerability-Lookup

CVE-2022-24302 (GCVE-0-2022-24302)

Vulnerability from cvelistv5 – Published: 2022-03-17 21:02 – Updated: 2025-12-16 01:31

Summary

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/paramiko/paramiko/blob/363a28d…	x_refsource_MISC
https://www.paramiko.org/changelog.html	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-16T01:31:54.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.paramiko.org/changelog.html"
          },
          {
            "name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
          },
          {
            "name": "FEDORA-2022-bb5c461682",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
          },
          {
            "name": "FEDORA-2022-8eb95d8611",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
          },
          {
            "name": "FEDORA-2022-806492f1d1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
          },
          {
            "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-12T11:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.paramiko.org/changelog.html"
        },
        {
          "name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
        },
        {
          "name": "FEDORA-2022-bb5c461682",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
        },
        {
          "name": "FEDORA-2022-8eb95d8611",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
        },
        {
          "name": "FEDORA-2022-806492f1d1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
        },
        {
          "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546",
              "refsource": "MISC",
              "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
            },
            {
              "name": "https://www.paramiko.org/changelog.html",
              "refsource": "MISC",
              "url": "https://www.paramiko.org/changelog.html"
            },
            {
              "name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
            },
            {
              "name": "FEDORA-2022-bb5c461682",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
            },
            {
              "name": "FEDORA-2022-8eb95d8611",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
            },
            {
              "name": "FEDORA-2022-806492f1d1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
            },
            {
              "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24302",
    "datePublished": "2022-03-17T21:02:10.000Z",
    "dateReserved": "2022-02-02T00:00:00.000Z",
    "dateUpdated": "2025-12-16T01:31:54.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-24302",
      "date": "2026-05-20",
      "epss": "0.00727",
      "percentile": "0.72819"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.10.1\", \"matchCriteriaId\": \"D4A22226-7893-44C5-A94F-F73111EE248A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.\"}, {\"lang\": \"es\", \"value\": \"En Paramiko versiones anteriores a 2.10.1, una condici\\u00f3n de carrera (entre creation y chmod) en la funci\\u00f3n write_private_key_file podr\\u00eda permitir una divulgaci\\u00f3n de informaci\\u00f3n no autorizada\"}]",
      "id": "CVE-2022-24302",
      "lastModified": "2024-11-21T06:50:07.723",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-03-17T22:15:08.900",
      "references": "[{\"url\": \"https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24302\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-17T22:15:08.900\",\"lastModified\":\"2025-12-16T02:15:46.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.\"},{\"lang\":\"es\",\"value\":\"En Paramiko versiones anteriores a 2.10.1, una condici\u00f3n de carrera (entre creation y chmod) en la funci\u00f3n write_private_key_file podr\u00eda permitir una divulgaci\u00f3n de informaci\u00f3n no autorizada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.1\",\"matchCriteriaId\":\"D4A22226-7893-44C5-A94F-F73111EE248A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/12/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-767

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2
IBM	Spectrum	IBM Spectrum Discover versions antérieures à 2.0.4.7
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6614909 du 23 août 2022	None	vendor-advisory
Bulletin de sécurité IBM 6614725 du 23 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2021-20180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2020-25658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
    },
    {
      "name": "CVE-2020-15084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-24773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2020-14330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
    },
    {
      "name": "CVE-2021-42581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2021-41496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-46462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2021-23386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
    },
    {
      "name": "CVE-2022-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-1214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
    },
    {
      "name": "CVE-2022-24772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-24771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
    },
    {
      "name": "CVE-2021-44907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2021-46461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2020-13757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
    },
    {
      "name": "CVE-2020-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
    },
    {
      "name": "CVE-2021-3533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
    },
    {
      "name": "CVE-2021-46463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
    },
    {
      "name": "CVE-2017-16137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
    },
    {
      "name": "CVE-2022-26488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-28463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-767",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614909"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614725"
    }
  ]
}

CERTFR-2025-AVI-0214

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.4.1 pour Intel
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.16
IBM	Sterling	Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.5.0 pour Power
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03
IBM	Sterling	Sterling B2B Integrator versions antérieures à 6.1.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7185937	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185675	2025-03-13	vendor-advisory
Bulletin de sécurité IBM 7185257	2025-03-10	vendor-advisory
Bulletin de sécurité IBM 7185938	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2022-48564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2024-45638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2023-32762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-22150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-32763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2025-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2022-48566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-27268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2024-45643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
    },
    {
      "name": "CVE-2023-32573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2024-53104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-0690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
    },
    {
      "name": "CVE-2022-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2022-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0214",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
      "url": "https://www.ibm.com/support/pages/node/7185937"
    },
    {
      "published_at": "2025-03-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
      "url": "https://www.ibm.com/support/pages/node/7185675"
    },
    {
      "published_at": "2025-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
      "url": "https://www.ibm.com/support/pages/node/7185257"
    },
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
      "url": "https://www.ibm.com/support/pages/node/7185938"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
      "url": "https://www.ibm.com/support/pages/node/7185353"
    }
  ]
}

CERTFR-2022-AVI-767

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2
IBM	Spectrum	IBM Spectrum Discover versions antérieures à 2.0.4.7
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6614909 du 23 août 2022	None	vendor-advisory
Bulletin de sécurité IBM 6614725 du 23 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2021-20180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2020-25658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
    },
    {
      "name": "CVE-2020-15084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-24773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2020-14330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
    },
    {
      "name": "CVE-2021-42581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2021-41496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-46462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2021-23386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
    },
    {
      "name": "CVE-2022-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-1214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
    },
    {
      "name": "CVE-2022-24772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-24771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
    },
    {
      "name": "CVE-2021-44907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2021-46461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2020-13757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
    },
    {
      "name": "CVE-2020-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
    },
    {
      "name": "CVE-2021-3533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
    },
    {
      "name": "CVE-2021-46463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
    },
    {
      "name": "CVE-2017-16137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
    },
    {
      "name": "CVE-2022-26488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-28463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-767",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614909"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614725"
    }
  ]
}

CERTFR-2025-AVI-0214

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.4.1 pour Intel
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.16
IBM	Sterling	Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.5.0 pour Power
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03
IBM	Sterling	Sterling B2B Integrator versions antérieures à 6.1.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7185937	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185675	2025-03-13	vendor-advisory
Bulletin de sécurité IBM 7185257	2025-03-10	vendor-advisory
Bulletin de sécurité IBM 7185938	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2022-48564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2024-45638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2023-32762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-22150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-32763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2025-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2022-48566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-27268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2024-45643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
    },
    {
      "name": "CVE-2023-32573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2024-53104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-0690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
    },
    {
      "name": "CVE-2022-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2022-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0214",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
      "url": "https://www.ibm.com/support/pages/node/7185937"
    },
    {
      "published_at": "2025-03-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
      "url": "https://www.ibm.com/support/pages/node/7185675"
    },
    {
      "published_at": "2025-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
      "url": "https://www.ibm.com/support/pages/node/7185257"
    },
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
      "url": "https://www.ibm.com/support/pages/node/7185938"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
      "url": "https://www.ibm.com/support/pages/node/7185353"
    }
  ]
}

BDU:2022-01897

Vulnerability from fstec - Published: 28.03.2022

Title

Уязвимость реализации протокола SSHv2 библиотеки Paramiko, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации

Description

Уязвимость реализации протокола SSHv2 библиотеки Paramiko связана с ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю, получить доступ к конфиденциальной информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fedora Project, ООО «Ред Софт», ФССП России, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, РЕД ОС (запись в едином реестре российских программ №3751), ОС ТД АИС ФССП России, Paramiko, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 34 (Fedora), 35 (Fedora), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), ИК6 (ОС ТД АИС ФССП России), 36 (Fedora), до 2.10.1 (Paramiko), 4.7 (Astra Linux Special Edition), до 2.6 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Paramiko: Обновление программного обеспечения до версии 2.10.1 и выше Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/ Для ОС ТД АИС ФССП России: https://goslinux.fssp.gov.ru/2726972/ Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения paramiko до версии 2.4.2-0.1+deb10u1 Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет paramiko до 2.0.0-1+deb9u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения paramiko до версии 2.0.0-1+deb9u2 Для ОС Astra Linux: обновить пакет paramiko до 2.6.0-2ubuntu0.3+ci202407031722+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет paramiko до 2.6.0-2ubuntu0.3+ci202407031722+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

Reference

https://redos.red-soft.ru/support/secure/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24302 https://nvd.nist.gov/vuln/detail/CVE-2022-24302 https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546 https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/ https://goslinux.fssp.gov.ru/2726972/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

CWE

CWE-362

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 34 (Fedora), 35 (Fedora), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u0418\u041a6 (\u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438), 36 (Fedora), \u0434\u043e 2.10.1 (Paramiko), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Paramiko:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.10.1 \u0438 \u0432\u044b\u0448\u0435\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\n\n\u0414\u043b\u044f \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438:\nhttps://goslinux.fssp.gov.ru/2726972/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f paramiko \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.2-0.1+deb10u1\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 paramiko \u0434\u043e 2.0.0-1+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f paramiko \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.0-1+deb9u2\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 paramiko \u0434\u043e 2.6.0-2ubuntu0.3+ci202407031722+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 paramiko \u0434\u043e 2.6.0-2ubuntu0.3+ci202407031722+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.03.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01897",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24302",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, Paramiko, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 34 , Fedora Project Fedora 35 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u0418\u041a6 , Fedora Project Fedora 36 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSHv2 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Paramiko, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSHv2 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Paramiko \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24302\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24302\nhttps://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546\nhttps://lists.debian.org/debian-lts-announce/2022/03/msg00032.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/\nhttps://goslinux.fssp.gov.ru/2726972/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

FKIE_CVE-2022-24302

Vulnerability from fkie_nvd - Published: 2022-03-17 22:15 - Updated: 2025-12-16 02:15

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

References

URL	Tags
cve@mitre.org	https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546	Exploit, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/
cve@mitre.org	https://www.paramiko.org/changelog.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/12/msg00020.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/
af854a3a-2127-422b-91ae-364da2661108	https://www.paramiko.org/changelog.html	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
paramiko	paramiko	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	34
fedoraproject	fedora	35
fedoraproject	fedora	36

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A22226-7893-44C5-A94F-F73111EE248A",
              "versionEndExcluding": "2.10.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure."
    },
    {
      "lang": "es",
      "value": "En Paramiko versiones anteriores a 2.10.1, una condici\u00f3n de carrera (entre creation y chmod) en la funci\u00f3n write_private_key_file podr\u00eda permitir una divulgaci\u00f3n de informaci\u00f3n no autorizada"
    }
  ],
  "id": "CVE-2022-24302",
  "lastModified": "2025-12-16T02:15:46.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-17T22:15:08.900",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.paramiko.org/changelog.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.paramiko.org/changelog.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F8Q4-JWWW-X3WV

Vulnerability from github – Published: 2022-03-19 00:01 – Updated: 2025-12-20 02:31

Summary

Race Condition in Paramiko

Details

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "paramiko"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "paramiko"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-29T20:52:09Z",
    "nvd_published_at": "2022-03-17T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.",
  "id": "GHSA-f8q4-jwww-x3wv",
  "modified": "2025-12-20T02:31:13Z",
  "published": "2022-03-19T00:01:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24302"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-f8q4-jwww-x3wv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/paramiko/paramiko"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2022-166.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB"
    },
    {
      "type": "WEB",
      "url": "https://www.paramiko.org/changelog.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Race Condition in Paramiko"
}

GSD-2022-24302

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Aliases

CVE-2022-24302

Aliases

CVE-2022-24302

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24302",
    "description": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.",
    "id": "GSD-2022-24302",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-24302.html",
      "https://ubuntu.com/security/CVE-2022-24302",
      "https://advisories.mageia.org/CVE-2022-24302.html",
      "https://access.redhat.com/errata/RHSA-2022:4712",
      "https://access.redhat.com/errata/RHSA-2022:8845",
      "https://access.redhat.com/errata/RHSA-2022:8863"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24302"
      ],
      "details": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.",
      "id": "GSD-2022-24302",
      "modified": "2023-12-13T01:19:42.677994Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-24302",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546",
            "refsource": "MISC",
            "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
          },
          {
            "name": "https://www.paramiko.org/changelog.html",
            "refsource": "MISC",
            "url": "https://www.paramiko.org/changelog.html"
          },
          {
            "name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
          },
          {
            "name": "FEDORA-2022-bb5c461682",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
          },
          {
            "name": "FEDORA-2022-8eb95d8611",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
          },
          {
            "name": "FEDORA-2022-806492f1d1",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
          },
          {
            "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.10.1",
          "affected_versions": "All versions before 2.10.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-362",
            "CWE-937"
          ],
          "date": "2022-10-28",
          "description": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the `write_private_key_file` function could allow unauthorized information disclosure.",
          "fixed_versions": [
            "2.10.1"
          ],
          "identifier": "CVE-2022-24302",
          "identifiers": [
            "CVE-2022-24302"
          ],
          "not_impacted": "All versions starting from 2.10.1",
          "package_slug": "pypi/paramiko",
          "pubdate": "2022-03-17",
          "solution": "Upgrade to version 2.10.1 or above.",
          "title": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-24302",
            "https://www.paramiko.org/changelog.html",
            "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546",
            "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
          ],
          "uuid": "94affce4-42bc-4cfe-a68b-b5ab4b8bae88"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.10.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24302"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.paramiko.org/changelog.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.paramiko.org/changelog.html"
            },
            {
              "name": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
            },
            {
              "name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html"
            },
            {
              "name": "FEDORA-2022-bb5c461682",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/"
            },
            {
              "name": "FEDORA-2022-8eb95d8611",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/"
            },
            {
              "name": "FEDORA-2022-806492f1d1",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/"
            },
            {
              "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-28T18:13Z",
      "publishedDate": "2022-03-17T22:15Z"
    }
  }
}

OPENSUSE-SU-2024:13300-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python-paramiko-doc-3.3.1-2.1 on GA media

Severity

Moderate

Notes

Title of the patch: python-paramiko-doc-3.3.1-2.1 on GA media

Description of the patch: These are all security issues fixed in the python-paramiko-doc-3.3.1-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13300

CVE-2022-24302

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2022-24302/	self
https://www.suse.com/security/cve/CVE-2022-24302	external
https://bugzilla.suse.com/1197279	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python-paramiko-doc-3.3.1-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python-paramiko-doc-3.3.1-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13300",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13300-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-24302 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-24302/"
      }
    ],
    "title": "python-paramiko-doc-3.3.1-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13300-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-paramiko-doc-3.3.1-2.1.aarch64",
                "product": {
                  "name": "python-paramiko-doc-3.3.1-2.1.aarch64",
                  "product_id": "python-paramiko-doc-3.3.1-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python310-paramiko-3.3.1-2.1.aarch64",
                "product": {
                  "name": "python310-paramiko-3.3.1-2.1.aarch64",
                  "product_id": "python310-paramiko-3.3.1-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-paramiko-3.3.1-2.1.aarch64",
                "product": {
                  "name": "python311-paramiko-3.3.1-2.1.aarch64",
                  "product_id": "python311-paramiko-3.3.1-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-paramiko-3.3.1-2.1.aarch64",
                "product": {
                  "name": "python39-paramiko-3.3.1-2.1.aarch64",
                  "product_id": "python39-paramiko-3.3.1-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-paramiko-doc-3.3.1-2.1.ppc64le",
                "product": {
                  "name": "python-paramiko-doc-3.3.1-2.1.ppc64le",
                  "product_id": "python-paramiko-doc-3.3.1-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python310-paramiko-3.3.1-2.1.ppc64le",
                "product": {
                  "name": "python310-paramiko-3.3.1-2.1.ppc64le",
                  "product_id": "python310-paramiko-3.3.1-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-paramiko-3.3.1-2.1.ppc64le",
                "product": {
                  "name": "python311-paramiko-3.3.1-2.1.ppc64le",
                  "product_id": "python311-paramiko-3.3.1-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-paramiko-3.3.1-2.1.ppc64le",
                "product": {
                  "name": "python39-paramiko-3.3.1-2.1.ppc64le",
                  "product_id": "python39-paramiko-3.3.1-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-paramiko-doc-3.3.1-2.1.s390x",
                "product": {
                  "name": "python-paramiko-doc-3.3.1-2.1.s390x",
                  "product_id": "python-paramiko-doc-3.3.1-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python310-paramiko-3.3.1-2.1.s390x",
                "product": {
                  "name": "python310-paramiko-3.3.1-2.1.s390x",
                  "product_id": "python310-paramiko-3.3.1-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-paramiko-3.3.1-2.1.s390x",
                "product": {
                  "name": "python311-paramiko-3.3.1-2.1.s390x",
                  "product_id": "python311-paramiko-3.3.1-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-paramiko-3.3.1-2.1.s390x",
                "product": {
                  "name": "python39-paramiko-3.3.1-2.1.s390x",
                  "product_id": "python39-paramiko-3.3.1-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-paramiko-doc-3.3.1-2.1.x86_64",
                "product": {
                  "name": "python-paramiko-doc-3.3.1-2.1.x86_64",
                  "product_id": "python-paramiko-doc-3.3.1-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python310-paramiko-3.3.1-2.1.x86_64",
                "product": {
                  "name": "python310-paramiko-3.3.1-2.1.x86_64",
                  "product_id": "python310-paramiko-3.3.1-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-paramiko-3.3.1-2.1.x86_64",
                "product": {
                  "name": "python311-paramiko-3.3.1-2.1.x86_64",
                  "product_id": "python311-paramiko-3.3.1-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-paramiko-3.3.1-2.1.x86_64",
                "product": {
                  "name": "python39-paramiko-3.3.1-2.1.x86_64",
                  "product_id": "python39-paramiko-3.3.1-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-doc-3.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.aarch64"
        },
        "product_reference": "python-paramiko-doc-3.3.1-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-doc-3.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.ppc64le"
        },
        "product_reference": "python-paramiko-doc-3.3.1-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-doc-3.3.1-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.s390x"
        },
        "product_reference": "python-paramiko-doc-3.3.1-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-paramiko-doc-3.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.x86_64"
        },
        "product_reference": "python-paramiko-doc-3.3.1-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-paramiko-3.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.aarch64"
        },
        "product_reference": "python310-paramiko-3.3.1-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-paramiko-3.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.ppc64le"
        },
        "product_reference": "python310-paramiko-3.3.1-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-paramiko-3.3.1-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.s390x"
        },
        "product_reference": "python310-paramiko-3.3.1-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-paramiko-3.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.x86_64"
        },
        "product_reference": "python310-paramiko-3.3.1-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-paramiko-3.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.aarch64"
        },
        "product_reference": "python311-paramiko-3.3.1-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-paramiko-3.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.ppc64le"
        },
        "product_reference": "python311-paramiko-3.3.1-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-paramiko-3.3.1-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.s390x"
        },
        "product_reference": "python311-paramiko-3.3.1-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-paramiko-3.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.x86_64"
        },
        "product_reference": "python311-paramiko-3.3.1-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-paramiko-3.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.aarch64"
        },
        "product_reference": "python39-paramiko-3.3.1-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-paramiko-3.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.ppc64le"
        },
        "product_reference": "python39-paramiko-3.3.1-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-paramiko-3.3.1-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.s390x"
        },
        "product_reference": "python39-paramiko-3.3.1-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-paramiko-3.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.x86_64"
        },
        "product_reference": "python39-paramiko-3.3.1-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24302",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-24302"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.aarch64",
          "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.ppc64le",
          "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.s390x",
          "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.x86_64",
          "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.aarch64",
          "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.ppc64le",
          "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.s390x",
          "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.x86_64",
          "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.aarch64",
          "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.ppc64le",
          "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.s390x",
          "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.x86_64",
          "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.aarch64",
          "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.s390x",
          "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-24302",
          "url": "https://www.suse.com/security/cve/CVE-2022-24302"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197279 for CVE-2022-24302",
          "url": "https://bugzilla.suse.com/1197279"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python-paramiko-doc-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python310-paramiko-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python311-paramiko-3.3.1-2.1.x86_64",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.aarch64",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.s390x",
            "openSUSE Tumbleweed:python39-paramiko-3.3.1-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-24302"
    }
  ]
}

PYSEC-2022-166

Vulnerability from pysec - Published: 2022-03-17 22:15 - Updated: 2022-05-17 03:06

Details

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Impacted products

Name	purl
paramiko	pkg:pypi/paramiko

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "paramiko",
        "purl": "pkg:pypi/paramiko"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.3"
            },
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1-bulbasaur",
        "0.1-charmander",
        "0.9-doduo",
        "0.9-eevee",
        "0.9-fearow",
        "0.9-gyarados",
        "0.9-horsea",
        "0.9-ivysaur",
        "1.0",
        "1.1",
        "1.10.0",
        "1.10.1",
        "1.10.2",
        "1.10.3",
        "1.10.4",
        "1.10.5",
        "1.10.6",
        "1.10.7",
        "1.11.0",
        "1.11.1",
        "1.11.2",
        "1.11.3",
        "1.11.4",
        "1.11.5",
        "1.11.6",
        "1.12.0",
        "1.12.1",
        "1.12.2",
        "1.12.3",
        "1.12.4",
        "1.13.0",
        "1.13.1",
        "1.13.2",
        "1.13.3",
        "1.13.4",
        "1.14.0",
        "1.14.1",
        "1.14.2",
        "1.14.3",
        "1.15.0",
        "1.15.1",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.16.0",
        "1.16.1",
        "1.16.2",
        "1.16.3",
        "1.17.0",
        "1.17.1",
        "1.17.2",
        "1.17.3",
        "1.17.4",
        "1.17.5",
        "1.17.6",
        "1.18.0",
        "1.18.1",
        "1.18.2",
        "1.18.3",
        "1.18.4",
        "1.18.5",
        "1.2",
        "1.3",
        "1.3.1",
        "1.4",
        "1.5.1",
        "1.5.2",
        "1.5.4",
        "1.6",
        "1.6.1",
        "1.6.2",
        "1.6.3",
        "1.6.4",
        "1.7",
        "1.7.1",
        "1.7.2",
        "1.7.4",
        "1.7.5",
        "1.7.6",
        "1.7.7.1",
        "1.7.7.2",
        "1.8.0",
        "1.8.1",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.0.5",
        "2.0.6",
        "2.0.7",
        "2.0.8",
        "2.0.9",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.1.5",
        "2.1.6",
        "2.10.0",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.2.4",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.4.0",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.5.0",
        "2.5.1",
        "2.6.0",
        "2.7.0",
        "2.7.1",
        "2.7.2",
        "2.8.0",
        "2.8.1",
        "2.9.0",
        "2.9.1",
        "2.9.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24302",
    "GHSA-f8q4-jwww-x3wv"
  ],
  "details": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.",
  "id": "PYSEC-2022-166",
  "modified": "2022-05-17T03:06:38.700744Z",
  "published": "2022-03-17T22:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.paramiko.org/changelog.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-f8q4-jwww-x3wv"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24302 (GCVE-0-2022-24302)

Solution

Solutions

Solution

Solutions

Tags

Sightings

Nomenclature