CVE-2023-51384 - Vulnerability Details - OpenCVE

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Openbsd	Openssh

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-5586-1	openssh security update
Ubuntu USN	USN-6565-1	OpenSSH vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Mar/21
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
https://nvd.nist.gov/vuln/detail/CVE-2023-51384
https://security.netapp.com/advisory/ntap-20240105-0005/
https://support.apple.com/kb/HT214084
https://www.cve.org/CVERecord?id=CVE-2023-51384
https://www.debian.org/security/2023/dsa-5586
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00038}`	epss `{'score': 0.00039}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-18T00:00:00

Updated: 2024-08-02T22:32:09.165Z

Reserved: 2023-12-18T00:00:00

Link: CVE-2023-51384

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-18T19:15:08.720

Modified: 2024-11-21T08:37:59.780

Link: CVE-2023-51384

Redhat

Severity : Low

Publid Date: 2023-12-18T00:00:00Z

Links: CVE-2023-51384 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-51384", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:32:09.165Z", "dateReserved": "2023-12-18T00:00:00", "datePublished": "2023-12-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-13T21:08:06.929696"}, "descriptions": [{"lang": "en", "value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.openssh.com/txt/release-9.6"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}, {"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"name": "DSA-5586", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"url": "https://support.apple.com/kb/HT214084"}, {"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.165Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openssh.com/txt/release-9.6", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "tags": ["x_transferred"]}, {"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b", "tags": ["x_transferred"]}, {"name": "DSA-5586", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"url": "https://security.netapp.com/advisory/ntap-20240105-0005/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "D91DE00B-AE34-46AC-A5B3-C40A4C1F4C17", "versionEndExcluding": "9.6", "versionStartIncluding": "8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."}, {"lang": "es", "value": "En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adici\u00f3n de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves."}], "id": "CVE-2023-51384", "lastModified": "2024-11-21T08:37:59.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-18T19:15:08.720", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT214084"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-9.6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes"], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT214084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-9.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: destination constraints only apply to first PKCS#11 key", "id": "2255268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255268"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-304", "details": ["In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", "A flaw was found in OpenSSH. When specifying destination constraints while adding PKCS#11-hosted private keys, the constraints only apply to the first key even in cases where the token returns multiple keys."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-51384", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-51384\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-51384"], "statement": "This vulnerability only applies to instances where destination constraints are defined and multiple keys are returned from a PKCS#11 token. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected.\nThe affected functionality was added only in OpenSSH 8.9, we have earlier version in Red Hat Enterprise Linux 6, 7, 8 and 9.", "threat_severity": "Low"}