Bug 2331720 (CVE-2024-45337) - CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [NEEDINFO]
Summary: CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallb...
Keywords:
Status: NEW
Alias: CVE-2024-45337
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2331920 2331921 2331922 2331923 2331924 2331925 2331928 2331929 2331930 2331931 2331932 2331935 2331936 2331938 2331939 2331941 2331942 2331946 2331947 2331948 2331949 2331951 2331952 2331953 2331957 2331958 2331962 2331966 2331967 2331968 2331972 2331973 2331974 2331975 2331977 2331978 2331979 2331985 2331986 2331990 2331917 2331919 2331926 2331927 2331933 2331934 2331937 2331940 2331943 2331944 2331945 2331950 2331954 2331955 2331956 2331959 2331960 2331961 2331963 2331964 2331965 2331969 2331970 2331971 2331976 2331980 2331981 2331982 2331983 2331984 2331987 2331988 2331989 2331991 2332003 2332004 2332005 2332006 2332007 2332008 2332009 2332010 2332012 2332013 2350499
Blocks:
Reported: 2024-12-11 19:01 UTC by OSIDB Bzimport
Modified: 2025-05-06 08:28 UTC

Fixed In Version: v0.31.0
Clone Of:
Environment:
Last Closed:
Embargoed:
phoracek: needinfo? (ahanwate)




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2024:6121 | 0 | None | None | None | 2025-02-25 02:32:12 UTC
Red Hat Product Errata | RHSA-2025:0385 | 0 | None | None | None | 2025-01-16 18:09:57 UTC
Red Hat Product Errata | RHSA-2025:0386 | 0 | None | None | None | 2025-01-16 18:38:02 UTC
Red Hat Product Errata | RHSA-2025:0552 | 0 | None | None | None | 2025-01-21 19:23:35 UTC
Red Hat Product Errata | RHSA-2025:0560 | 0 | None | None | None | 2025-01-21 21:23:31 UTC
Red Hat Product Errata | RHSA-2025:0576 | 0 | None | None | None | 2025-01-22 00:48:53 UTC
Red Hat Product Errata | RHSA-2025:0577 | 0 | None | None | None | 2025-01-22 01:32:49 UTC
Red Hat Product Errata | RHSA-2025:0645 | 0 | None | None | None | 2025-01-29 16:41:53 UTC
Red Hat Product Errata | RHSA-2025:0649 | 0 | None | None | None | 2025-01-29 00:29:32 UTC
Red Hat Product Errata | RHSA-2025:0653 | 0 | None | None | None | 2025-01-28 00:55:36 UTC
Red Hat Product Errata | RHSA-2025:0676 | 0 | None | None | None | 2025-01-23 20:17:13 UTC
Red Hat Product Errata | RHSA-2025:0679 | 0 | None | None | None | 2025-01-23 23:30:51 UTC
Red Hat Product Errata | RHSA-2025:0723 | 0 | None | None | None | 2025-01-27 21:51:02 UTC
Red Hat Product Errata | RHSA-2025:0778 | 0 | None | None | None | 2025-01-28 20:57:32 UTC
Red Hat Product Errata | RHSA-2025:0785 | 0 | None | None | None | 2025-01-28 23:59:52 UTC
Red Hat Product Errata | RHSA-2025:0839 | 0 | None | None | None | 2025-02-06 01:36:29 UTC
Red Hat Product Errata | RHSA-2025:0851 | 0 | None | None | None | 2025-01-30 21:31:13 UTC
Red Hat Product Errata | RHSA-2025:0892 | 0 | None | None | None | 2025-02-03 13:10:04 UTC
Red Hat Product Errata | RHSA-2025:1331 | 0 | None | None | None | 2025-02-11 17:41:52 UTC
Red Hat Product Errata | RHSA-2025:1332 | 0 | None | None | None | 2025-02-11 17:42:03 UTC
Red Hat Product Errata | RHSA-2025:1333 | 0 | None | None | None | 2025-02-11 17:46:10 UTC
Red Hat Product Errata | RHSA-2025:1334 | 0 | None | None | None | 2025-02-11 21:22:24 UTC
Red Hat Product Errata | RHSA-2025:1451 | 0 | None | None | None | 2025-02-19 23:11:08 UTC
Red Hat Product Errata | RHSA-2025:1468 | 0 | None | None | None | 2025-02-13 18:15:04 UTC
Red Hat Product Errata | RHSA-2025:1710 | 0 | None | None | None | 2025-02-27 00:58:45 UTC
Red Hat Product Errata | RHSA-2025:1824 | 0 | None | None | None | 2025-02-25 07:50:26 UTC
Red Hat Product Errata | RHSA-2025:1829 | 0 | None | None | None | 2025-02-25 09:15:45 UTC
Red Hat Product Errata | RHSA-2025:2652 | 0 | None | None | None | 2025-03-11 09:16:50 UTC
Red Hat Product Errata | RHSA-2025:3069 | 0 | None | None | None | 2025-03-20 08:38:11 UTC
Red Hat Product Errata | RHSA-2025:3542 | 0 | None | None | None | 2025-04-02 19:51:54 UTC
Red Hat Product Errata | RHSA-2025:3560 | 0 | None | None | None | 2025-04-03 05:09:17 UTC

Description OSIDB Bzimport 2024-12-11 19:01:18 UTC
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

Comment 4 errata-xmlrpc 2025-01-16 18:09:53 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:0385 https://access.redhat.com/errata/RHSA-2025:0385

Comment 5 errata-xmlrpc 2025-01-16 18:37:57 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2025:0386 https://access.redhat.com/errata/RHSA-2025:0386

Comment 6 errata-xmlrpc 2025-01-21 19:23:30 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.4 for RHEL 8

Via RHSA-2025:0552 https://access.redhat.com/errata/RHSA-2025:0552

Comment 7 errata-xmlrpc 2025-01-21 21:23:27 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.2 for RHEL 9

Via RHSA-2025:0560 https://access.redhat.com/errata/RHSA-2025:0560

Comment 8 errata-xmlrpc 2025-01-22 00:48:49 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8

Via RHSA-2025:0576 https://access.redhat.com/errata/RHSA-2025:0576

Comment 9 errata-xmlrpc 2025-01-22 01:32:43 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.3 for RHEL 9

Via RHSA-2025:0577 https://access.redhat.com/errata/RHSA-2025:0577

Comment 10 errata-xmlrpc 2025-01-23 20:17:08 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.5 for RHEL 9
  multicluster engine for Kubernetes 2.5 for RHEL 8

Via RHSA-2025:0676 https://access.redhat.com/errata/RHSA-2025:0676

Comment 11 errata-xmlrpc 2025-01-23 23:30:46 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9

Via RHSA-2025:0679 https://access.redhat.com/errata/RHSA-2025:0679

Comment 12 errata-xmlrpc 2025-01-27 21:50:57 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.7 for RHEL 9
  multicluster engine for Kubernetes 2.7 for RHEL 8

Via RHSA-2025:0723 https://access.redhat.com/errata/RHSA-2025:0723

Comment 13 errata-xmlrpc 2025-01-28 00:55:31 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0653 https://access.redhat.com/errata/RHSA-2025:0653

Comment 14 errata-xmlrpc 2025-01-28 20:57:27 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.6 for RHEL 9
  multicluster engine for Kubernetes 2.6 for RHEL 8

Via RHSA-2025:0778 https://access.redhat.com/errata/RHSA-2025:0778

Comment 15 errata-xmlrpc 2025-01-28 23:59:47 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2025:0785 https://access.redhat.com/errata/RHSA-2025:0785

Comment 16 errata-xmlrpc 2025-01-29 00:29:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:0649 https://access.redhat.com/errata/RHSA-2025:0649

Comment 17 errata-xmlrpc 2025-01-29 16:41:48 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:0645 https://access.redhat.com/errata/RHSA-2025:0645

Comment 18 errata-xmlrpc 2025-01-30 21:31:08 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:0851 https://access.redhat.com/errata/RHSA-2025:0851

Comment 19 errata-xmlrpc 2025-02-03 13:09:59 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892

Comment 20 errata-xmlrpc 2025-02-06 01:36:24 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:0839 https://access.redhat.com/errata/RHSA-2025:0839

Comment 21 errata-xmlrpc 2025-02-11 17:41:47 UTC
This issue has been addressed in the following products:

  gatekeeper 3.17 for RHEL 9

Via RHSA-2025:1331 https://access.redhat.com/errata/RHSA-2025:1331

Comment 22 errata-xmlrpc 2025-02-11 17:41:58 UTC
This issue has been addressed in the following products:

  gatekeeper 3.15 for RHEL 9

Via RHSA-2025:1332 https://access.redhat.com/errata/RHSA-2025:1332

Comment 23 errata-xmlrpc 2025-02-11 17:46:04 UTC
This issue has been addressed in the following products:

  gatekeeper 3.14 for RHEL 9

Via RHSA-2025:1333 https://access.redhat.com/errata/RHSA-2025:1333

Comment 24 errata-xmlrpc 2025-02-11 21:22:19 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.5

Via RHSA-2025:1334 https://access.redhat.com/errata/RHSA-2025:1334

Comment 25 errata-xmlrpc 2025-02-13 18:14:58 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.4

Via RHSA-2025:1468 https://access.redhat.com/errata/RHSA-2025:1468

Comment 27 errata-xmlrpc 2025-02-19 23:11:03 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:1451 https://access.redhat.com/errata/RHSA-2025:1451

Comment 28 errata-xmlrpc 2025-02-25 02:32:07 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2024:6121 https://access.redhat.com/errata/RHSA-2024:6121

Comment 29 errata-xmlrpc 2025-02-25 07:50:20 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:1824 https://access.redhat.com/errata/RHSA-2025:1824

Comment 30 errata-xmlrpc 2025-02-25 09:15:40 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:1829 https://access.redhat.com/errata/RHSA-2025:1829

Comment 33 errata-xmlrpc 2025-02-27 00:58:40 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:1710 https://access.redhat.com/errata/RHSA-2025:1710

Comment 34 errata-xmlrpc 2025-03-11 09:16:45 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652

Comment 36 errata-xmlrpc 2025-03-20 08:38:06 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.14

Via RHSA-2025:3069 https://access.redhat.com/errata/RHSA-2025:3069

Comment 37 errata-xmlrpc 2025-04-02 19:51:49 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:3542 https://access.redhat.com/errata/RHSA-2025:3542

Comment 38 errata-xmlrpc 2025-04-03 05:09:13 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:3560 https://access.redhat.com/errata/RHSA-2025:3560

