Paramiko
By the Year
In 2022 there has been 1 vulnerability in Paramiko, with an average score of 5.9 out of ten. Paramiko did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2022 than last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 1 | 5.90 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 9.30 |
It may take a day or so for new Paramiko vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Paramiko Security Vulnerabilities
CVE-2022-24302
5.9 - Medium
- March 17, 2022
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
Race Condition
CVE-2018-1000805
8.8 - High
- October 08, 2018
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
AuthZ
CVE-2018-7750
9.8 - Critical
- March 13, 2018
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Authentication