Back to bug 1375941
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-09-14 10:11:59 UTC | Summary | jsch: path traversal vulnerability | CVE-2016-5725 jsch: path traversal vulnerability |
| Martin Prpič | 2016-09-14 10:12:34 UTC | Whiteboard | impact=moderate,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=5.9/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected,bpms-6/jsch=affected,brms-6/jsch=affected,amq-6/jsch=affected,jdv-6/jsch=affected,fsw-6/jsch=affected,fuse-6/jsch=affected,jon-3/jsch=affected,openshift-enterprise-2/jsch=affected,rhel-5/jsch=wontfix,rhel-6/jsch=affected,rhel-7/jsch=affected,rhn_satellite_6/jsch=affected,rhev-m-4/jsch=affected,dts-3/jsch=affected,rhscl-2/rh-java-common-jsch=affected | impact=moderate,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected,bpms-6/jsch=affected,brms-6/jsch=affected,amq-6/jsch=affected,jdv-6/jsch=affected,fsw-6/jsch=affected,fuse-6/jsch=affected,jon-3/jsch=affected,openshift-enterprise-2/jsch=affected,rhel-5/jsch=wontfix,rhel-6/jsch=affected,rhel-7/jsch=affected,rhn_satellite_6/jsch=affected,rhev-m-4/jsch=affected,dts-3/jsch=affected,rhscl-2/rh-java-common-jsch=affected |
| Martin Prpič | 2016-09-14 10:15:40 UTC | Priority | unspecified | medium |
| Severity | unspecified | medium | ||
| Martin Prpič | 2016-09-14 10:20:14 UTC | Fixed In Version | jsch 0.1.53 | |
| Martin Prpič | 2016-09-14 10:33:55 UTC | Blocks | 1375955 | |
| Martin Prpič | 2016-09-14 10:49:59 UTC | CC | abhgupta, aileenc, akurtako, alazarot, aszczucz, bgollahe, bkearney, bmcclain, cbillett, chazlett, dblechte, dmcphers, eedri, etirelli, felias, gvarsami, hchiorea, hhorak, java-maint, java-sig-commits, jcoleman, jerboaa, jialiu, jmatthew, jokerman, jolee, jorton, jshepherd, kanderso, kconner, krzysztof.daniel, kseifried, kverlaen, ldimaggi, lmeyer, lpetrovi, mbaluch, mgoldboi, miburman, michal.skrivanek, mizdebsk, mmccomas, mmccune, mnewsome, mwinkler, nwallace, ohadlevy, ohudlick, patrickm, pavelp, rrajasek, rwagner, rzhang, rzima, satellite6-bugs, sbonazzo, sherold, soa-p-jira, spinder, tcunning, theute, tiwillia, tjay, tkirby, tlestach, tsanders, vhalbert, ydary, ykaul | |
| Jason Shepherd | 2016-09-15 02:33:38 UTC | Whiteboard | impact=moderate,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected,bpms-6/jsch=affected,brms-6/jsch=affected,amq-6/jsch=affected,jdv-6/jsch=affected,fsw-6/jsch=affected,fuse-6/jsch=affected,jon-3/jsch=affected,openshift-enterprise-2/jsch=affected,rhel-5/jsch=wontfix,rhel-6/jsch=affected,rhel-7/jsch=affected,rhn_satellite_6/jsch=affected,rhev-m-4/jsch=affected,dts-3/jsch=affected,rhscl-2/rh-java-common-jsch=affected | impact=moderate,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected,bpms-6/jsch=affected,brms-6/jsch=affected,amq-6/jsch=affected,jdv-6/jsch=affected,fsw-6/jsch=affected,fuse-6/jsch=affected,jon-3/jsch=notaffected,openshift-enterprise-2/jsch=affected,rhel-5/jsch=wontfix,rhel-6/jsch=affected,rhel-7/jsch=affected,rhn_satellite_6/jsch=affected,rhev-m-4/jsch=affected,dts-3/jsch=affected,rhscl-2/rh-java-common-jsch=affected |
| Andrej Nemec | 2016-09-15 07:16:27 UTC | Keywords | Security | |
| CC | anemec | |||
| Hooman Broujerdi | 2016-09-16 00:32:23 UTC | CC | hghasemb | |
| Pavel Polischouk | 2016-10-17 23:22:46 UTC | Whiteboard | impact=moderate,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected,bpms-6/jsch=affected,brms-6/jsch=affected,amq-6/jsch=affected,jdv-6/jsch=affected,fsw-6/jsch=affected,fuse-6/jsch=affected,jon-3/jsch=notaffected,openshift-enterprise-2/jsch=affected,rhel-5/jsch=wontfix,rhel-6/jsch=affected,rhel-7/jsch=affected,rhn_satellite_6/jsch=affected,rhev-m-4/jsch=affected,dts-3/jsch=affected,rhscl-2/rh-java-common-jsch=affected | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Andrej Nemec | 2016-10-18 07:12:49 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Martin Prpič | 2016-10-18 07:56:22 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Horia Chiorean | 2016-10-18 07:57:37 UTC | CC | hchiorea | |
| Tomas Hoger | 2016-11-03 20:51:21 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Apurbita Mukherjee | 2017-02-27 08:43:34 UTC | CC | apmukher | |
| Scott Herold | 2017-09-12 15:27:51 UTC | CC | sherold | |
| Hooman Broujerdi | 2017-09-12 23:48:24 UTC | CC | sparks | |
| Doc Text | A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get, to allow the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. | |||
| Flags | needinfo?(sparks) | |||
| Eric Christensen | 2017-09-13 13:07:07 UTC | Doc Text | A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get, to allow the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. | A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. |
| Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,openshift-enterprise-2/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-5/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-7/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhn_satellite_6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhev-m-4/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,dts-3/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhscl-2/rh-java-common-jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate | ||
| Eric Christensen | 2017-09-13 13:22:37 UTC | Flags | needinfo?(sparks) | |
| Eric Christensen | 2017-09-13 13:23:32 UTC | Flags | needinfo?(hghasemb) | |
| Hooman Broujerdi | 2017-09-13 21:01:44 UTC | Flags | needinfo?(hghasemb) | |
| Hooman Broujerdi | 2017-09-14 22:49:16 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,openshift-enterprise-2/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-5/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-7/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhn_satellite_6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhev-m-4/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,dts-3/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhscl-2/rh-java-common-jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Eric Christensen | 2017-09-15 14:43:09 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,openshift-enterprise-2/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-5/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-7/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhn_satellite_6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhev-m-4/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,dts-3/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhscl-2/rh-java-common-jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate |
| Eric Christensen | 2017-10-05 19:04:04 UTC | Doc Text | A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. | A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. |
| Tomas Hoger | 2017-10-26 21:20:40 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,openshift-enterprise-2/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-5/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhel-7/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhn_satellite_6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhev-m-4/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,dts-3/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,rhscl-2/rh-java-common-jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| PnT Account Manager | 2017-12-07 23:58:28 UTC | CC | felias | |
| Tomas Hoger | 2017-12-12 21:41:42 UTC | Fixed In Version | jsch 0.1.53 | jsch 0.1.54 |
| Tomas Hoger | 2017-12-12 22:05:53 UTC | Summary | CVE-2016-5725 jsch: path traversal vulnerability | CVE-2016-5725 jsch: ChannelSftp path traversal vulnerability |
| Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | ||
| Tomas Hoger | 2017-12-12 22:11:48 UTC | CC | dbhole | |
| Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | ||
| Tomas Hoger | 2017-12-12 22:45:20 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-6/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-7/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate,rhel-6/jsch=notaffected/impact=moderate,rhel-7/jsch=notaffected,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate |
| Tomas Hoger | 2017-12-12 22:50:45 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate,rhel-6/jsch=notaffected/impact=moderate,rhel-7/jsch=notaffected,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate,rhel-6/jsch=notaffected/impact=moderate,rhel-7/jsch=notaffected/impact=moderate,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate |
| Eric Christensen | 2018-02-02 19:43:41 UTC | CC | sparks | |
| PnT Account Manager | 2018-05-10 18:18:05 UTC | CC | pavelp | |
| PnT Account Manager | 2018-06-29 22:14:42 UTC | CC | kseifried | |
| PnT Account Manager | 2018-11-05 22:47:13 UTC | CC | ylavi | |
| PnT Account Manager | 2018-11-09 22:32:22 UTC | CC | hghasemb | |
| PnT Account Manager | 2019-04-22 21:31:13 UTC | CC | tjay | |
| PnT Account Manager | 2019-05-02 21:51:50 UTC | CC | anemec | |
| Lukáš Petrovický | 2019-09-24 14:08:32 UTC | CC | lpetrovi | |
| Product Security DevOps Team | 2019-09-29 13:56:12 UTC | Whiteboard | impact=low,public=20160831,reported=20160906,source=mageia,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-22,fedora-all/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhel-5/jsch=notaffected/impact=moderate,rhel-6/jsch=notaffected/impact=moderate,rhel-7/jsch=notaffected/impact=moderate,rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,dts-3/jsch=notaffected/impact=moderate,rhscl-3/rh-java-common-jsch=notaffected/impact=moderate | |
| PnT Account Manager | 2020-10-20 21:09:13 UTC | CC | vhalbert | |
| PnT Account Manager | 2020-11-12 22:19:47 UTC | CC | miburman | |
| Doran Moppert | 2021-01-20 02:13:52 UTC | CC | vondruch | |
| Red Hat Bugzilla | 2021-03-23 23:38:38 UTC | CC | dblechte | |
| Alexander Kurtakov | 2021-04-23 11:36:03 UTC | CC | akurtako | |
| Red Hat Bugzilla | 2021-09-01 04:30:09 UTC | CC | spinder | |
| Red Hat Bugzilla | 2021-10-15 11:52:07 UTC | CC | kconner | |
| Joshua Padman | 2021-10-21 00:55:02 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2021-10-21 00:55:02 UTC |
Back to bug 1375941