{"id":"PYSEC-2018-69","details":"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.","aliases":["CVE-2018-1000805","GHSA-f2j6-wrhh-v25m"],"modified":"2023-11-01T05:18:17.759792Z","published":"2018-10-08T15:29:00Z","references":[{"type":"REPORT","url":"https://github.com/paramiko/paramiko/issues/1283"},{"type":"WEB","url":"https://usn.ubuntu.com/3796-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/3796-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3796-3/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3406"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3347"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2018:3497"},{"type":"WEB","url":"https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-f2j6-wrhh-v25m"}],"affected":[{"package":{"name":"paramiko","ecosystem":"PyPI","purl":"pkg:pypi/paramiko"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.5.1"},{"fixed":"2.0.9"}]}],"versions":["1.10.0","1.10.1","1.10.2","1.10.3","1.10.4","1.10.5","1.10.6","1.10.7","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.14.0","1.14.1","1.14.2","1.14.3","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.15.5","1.16.0","1.16.1","1.16.2","1.16.3","1.17.0","1.17.1","1.17.2","1.17.3","1.17.4","1.17.5","1.17.6","1.18.0","1.18.1","1.18.2","1.18.3","1.18.4","1.18.5","1.5.1","1.5.2","1.5.4","1.6","1.6.1","1.6.2","1.6.3","1.6.4","1.7","1.7.1","1.7.2","1.7.4","1.7.5","1.7.6","1.7.7.1","1.7.7.2","1.8.0","1.8.1","1.9.0","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2018-69.yaml"}}],"schema_version":"1.7.3"}