OpenSSH (<9.3) ssh-add Smartcard keys added to ssh-agent without per-hop ACL
CVE-2023-28531 Published on March 17, 2023
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2023-28531 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2023-28531
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-28531 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.