{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-51384", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:32:09.165Z", "dateReserved": "2023-12-18T00:00:00", "datePublished": "2023-12-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-13T21:08:06.929696"}, "descriptions": [{"lang": "en", "value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.openssh.com/txt/release-9.6"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}, {"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"name": "DSA-5586", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"url": "https://support.apple.com/kb/HT214084"}, {"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.165Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openssh.com/txt/release-9.6", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "tags": ["x_transferred"]}, {"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b", "tags": ["x_transferred"]}, {"name": "DSA-5586", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"url": "https://security.netapp.com/advisory/ntap-20240105-0005/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "D91DE00B-AE34-46AC-A5B3-C40A4C1F4C17", "versionEndExcluding": "9.6", "versionStartIncluding": "8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."}, {"lang": "es", "value": "En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adici\u00f3n de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves."}], "id": "CVE-2023-51384", "lastModified": "2024-11-21T08:37:59.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-18T19:15:08.720", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT214084"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-9.6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes"], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT214084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-9.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: destination constraints only apply to first PKCS#11 key", "id": "2255268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255268"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-304", "details": ["In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", "A flaw was found in OpenSSH. When specifying destination constraints while adding PKCS#11-hosted private keys, the constraints only apply to the first key even in cases where the token returns multiple keys."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-51384", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-51384\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-51384"], "statement": "This vulnerability only applies to instances where destination constraints are defined and multiple keys are returned from a PKCS#11 token. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected.\nThe affected functionality was added only in OpenSSH 8.9, we have earlier version in Red Hat Enterprise Linux 6, 7, 8 and 9.", "threat_severity": "Low"}