COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-28531

CVE-2023-28531

Severity
critical
Source
NVD · cve
Published
2023-03-17
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-28531

Players implicated

NetApp · vendoropenbsd · vendorbrocade fabric operating system · producthci bootstrap os · productopenssh · productsolidfire element os · product

Description

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Cloud Insights NetApp In Process vendor-exact · 0.90