Vulnerability Name: CVE-2022-24302 (CCN-222109)
Assigned: 2022-03-11
Published: 2022-03-11
Updated: 2022-10-28
Summary: In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
CVSS v3 Severity:
  5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
  5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-362
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2022-24302
  Source: XF Type: UNKNOWN paramiko-cve202224302-info-disc(222109)
  Source: MISC Type: Exploit, Third Party Advisory https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546
  Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update
  Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update
  Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-8eb95d8611
  Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-806492f1d1
  Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-bb5c461682
  Source: CCN Type: IBM Security Bulletin 6614909 (Spectrum Discover) IBM Spectrum Discover is vulnerable to multiple vulnerabilities
  Source: CCN Type: IBM Security Bulletin 6831849 (Cloud Pak for Watson AIOps) Multiple Vulnerabilities in CloudPak for Watson AIOPs
  Source: CCN Type: IBM Security Bulletin 6988909 (Cloud Pak for Data System) Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-24302]
  Source: CCN Type: IBM Security Bulletin 6995207 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities
  Source: CCN Type: IBM Security Bulletin 7002393 (Integrated Analytics System) Vulnerability in paramiko-2.4.2-py2.py3-none-any.whl affects IBM Integrated Analytics System [CVE-2022-24302]
  Source: CCN Type: Paramiko Web site Changelog
  Source: MISC Type: Release Notes, Vendor Advisory https://www.paramiko.org/changelog.html