{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35175", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-10T14:24:24.338Z", "datePublished": "2024-05-14T22:05:11.360Z", "dateUpdated": "2024-08-02T03:07:46.846Z"}, "containers": {"cna": {"title": "sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52"}, {"name": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "tags": ["x_refsource_MISC"], "url": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430"}, {"name": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "tags": ["x_refsource_MISC"], "url": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53"}], "affected": [{"vendor": "tg123", "product": "sshpiper", "versions": [{"version": ">= 1.0.50, < 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-14T22:05:11.360Z"}, "descriptions": [{"lang": "en", "value": "sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection that sshpiper is directly (or in some cases indirectly) exposed to can use proxy protocol to forge its source address. Any users of sshpiper who need logs from it for whitelisting/rate limiting/security investigations could have them become much less useful if an attacker is sending a spoofed source address. Version 1.3.0 contains a patch for the issue."}], "source": {"advisory": "GHSA-4w53-6jvp-gg52", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "tg123", "product": "sshpiper", "cpes": ["cpe:2.3:a:tg123:sshpiper:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.5", "status": "affected", "lessThan": "1.3.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T20:26:15.343208Z", "id": "CVE-2024-35175", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:28:42.252Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.846Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52"}, {"name": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430"}, {"name": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "name": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "name": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "name": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.846Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35175", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T20:26:15.343208Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tg123:sshpiper:*:*:*:*:*:*:*:*"], "vendor": "tg123", "product": "sshpiper", "versions": [{"status": "affected", "version": "1.0.5", "lessThan": "1.3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:28:19.372Z"}}], "cna": {"title": "sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address", "source": {"advisory": "GHSA-4w53-6jvp-gg52", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "tg123", "product": "sshpiper", "versions": [{"status": "affected", "version": ">= 1.0.50, < 1.3.0"}]}], "references": [{"url": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "name": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "name": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "name": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection that sshpiper is directly (or in some cases indirectly) exposed to can use proxy protocol to forge its source address. Any users of sshpiper who need logs from it for whitelisting/rate limiting/security investigations could have them become much less useful if an attacker is sending a spoofed source address. Version 1.3.0 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-14T22:05:11.360Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35175", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:07:46.846Z", "dateReserved": "2024-05-10T14:24:24.338Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-14T22:05:11.360Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection that sshpiper is directly (or in some cases indirectly) exposed to can use proxy protocol to forge its source address. Any users of sshpiper who need logs from it for whitelisting/rate limiting/security investigations could have them become much less useful if an attacker is sending a spoofed source address. Version 1.3.0 contains a patch for the issue."}, {"lang": "es", "value": "sshpiper es un proxy inverso para sshd. A partir de la versi\u00f3n 1.0.50 y antes de la versi\u00f3n 1.3.0, la forma en que se implementa el escucha del protocolo proxy en sshpiper puede permitir que un atacante falsifique su direcci\u00f3n de conexi\u00f3n. El commit 2ddd69876a1e1119059debc59fe869cb4e754430 agreg\u00f3 el escucha del protocolo proxy como el \u00fanico escucha en sshpiper, sin opci\u00f3n para desactivar esta funcionalidad. Esto significa que cualquier conexi\u00f3n a la que sshpiper est\u00e9 expuesto directamente (o en algunos casos indirectamente) puede utilizar el protocolo proxy para falsificar su direcci\u00f3n de origen. Cualquier usuario de sshpiper que necesite registros del mismo para incluirlos en listas blancas, limitar la velocidad o realizar investigaciones de seguridad podr\u00eda volverlos mucho menos \u00fatiles si un atacante env\u00eda una direcci\u00f3n de origen falsificada. La versi\u00f3n 1.3.0 contiene un parche para el problema."}], "id": "CVE-2024-35175", "lastModified": "2024-05-15T16:40:19.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-14T22:15:10.213", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430"}, {"source": "security-advisories@github.com", "url": "https://github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53"}, {"source": "security-advisories@github.com", "url": "https://github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}