CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

0.0 CVSS

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Vendor: golang.org/x/crypto

Product: golang.org/x/crypto/ssh

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.85% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

2024-12-12 00:31:10 UTC
CVE

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
2024-12-12 20:15:19 UTC
Github Advisory Database (Go)

[github.com/ryanbekhen/nanoproxy] Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
2025-02-04 08:01:21 UTC
Tenable Plugins

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-049)
2025-02-04 08:03:22 UTC
Tenable Plugins

Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-050)
2025-02-04 08:06:23 UTC
Tenable Plugins

Amazon Linux 2 : containerd (ALASDOCKER-2025-049)
2025-02-04 08:07:24 UTC
Tenable Plugins

Amazon Linux 2 : containerd (ALASECS-2025-046)
2025-04-05 14:30:24 UTC
Tenable Plugins

SUSE SLES15 / openSUSE 15 Security Update : google-guest-agent (SUSE-SU-2025:1143-1)
2025-04-05 14:30:25 UTC
Tenable Plugins

SUSE SLES12 Security Update : google-guest-agent (SUSE-SU-2025:1142-1)