Main Vulnerability Database SB2019090103

SB2019090103 - Authentication bypass in py3-paramiko (Alpine package)

Published: September 1, 2019

Security Bulletin ID SB2019090103

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Authentication bypass (CVE-ID: CVE-2018-7750)

The vulnerability allows a remote unauthenticated attacker to bypass authentication.

The weakness exists is due to improper security restrictions. A remote attacker can use a customized SSH client, bypass authentication and gain unauthorized access to resources on the target systemю

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=2190e763cd35bc01dea68937e260424a9e259a24