CVE-2024-39223

Published: Jul 3, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a

Source: cve@mitre.org

https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229

Source: cve@mitre.org

https://github.com/ginuerzh/gost/issues/1034

Source: cve@mitre.org

https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ginuerzh/gost/issues/1034

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.