6.9 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): Low (L)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
Affected products
- <26.2.0
- <26.2.0
Matching in nixpkgs
pkgs.cmc
Manages SSH ControlMaster sessions
pkgs.cmctl
Command line utility to interact with a cert-manager instalation on Kubernetes
pkgs.scmccid
PCSC drivers for linux, for the SCM SCR3310 v2.0 card and others
pkgs.adguardian
Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance
pkgs.pcmciaUtils
None
pkgs.pcmciautils
None
pkgs.haskellPackages.mcmc
Sample from a posterior using Markov chain Monte Carlo
pkgs.haskellPackages.mcmc-types
Common types for sampling
pkgs.python313Packages.aioguardian
Python library to interact with Elexa Guardian devices
pkgs.python314Packages.aioguardian
Python library to interact with Elexa Guardian devices
pkgs.python313Packages.pygitguardian
Library to access the GitGuardian API
-
nixos-unstable -
- nixos-unstable-small 1.32.0
pkgs.python314Packages.pygitguardian
Library to access the GitGuardian API
-
nixos-unstable -
- nixos-unstable-small 1.32.0
pkgs.python313Packages.django-guardian
Per object permissions for Django
pkgs.python314Packages.django-guardian
Per object permissions for Django
pkgs.python313Packages.djangorestframework-guardian
Django-guardian support for Django REST Framework
Package maintainers
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@chordtoll chordtoll <nix@chordtoll.com>
-
@JoshVanL Josh van Leeuwen < me@joshvanl.dev >
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>