Paramiko

By the Year

In 2022 there has been 1 vulnerability in Paramiko, with an average score of 5.9 out of ten. Paramiko did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2022 than in all of last year.

Year    Vulnerabilities    Average Score
2022    1                  5.90
2021    0                  0.00
2020    0                  0.00
2019    0                  0.00
2018    2                  9.30

It may take a day or so for new Paramiko vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Paramiko Security Vulnerabilities

CVE-2022-24302 5.9 - Medium - March 17, 2022

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Race Condition

CVE-2018-1000805 8.8 - High - October 08, 2018

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

AuthZ

CVE-2018-7750 9.8 - Critical - March 13, 2018

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Authentication
