SB2025022127 - SUSE update for brise
Published: February 21, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper authorization (CVE-ID: CVE-2024-45337)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to improper authorization caused by improper usage of the ServerConfig.PublicKeyCallback callback. A remote attacker can bypass authorization in certain cases and gain access to the application.
2) Improper neutralization of argument delimiters in a command (CVE-ID: CVE-2025-21613)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation when handling URL field in arguments passed to the git-upload-pack command. A remote attacker can trick the victim into passing a specially crafted URL as a flag to the affected command and manipulate arguments for the git-upload-pack command, which can result in information disclosure.
Remediation
Install update from vendor's website.