VDB

RHSA-2025%3A0552

RHSA-2025%3A0552 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatmulticluster-engine/cluster-api-provider-aws-rhel8@sha256:bea0c96bee624376a20912bd158b2861844116f4e692c0fe76e0a0e09053834d_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, *
Red Hatmulticluster-engine/provider-credential-controller-rhel8@sha256:90f6e748f763aaeb3765a3dc3e29ff7854b5e03c9c736c44a80464cc18dc9575_arm64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, *
Red Hatmulticluster-engine/assisted-installer-rhel8@sha256:adfef0f4b6f0e1ff80faf2edb036fa612b8b462cc5dd25d2e1133a72a804c826_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/assisted-installer-rhel8@sha256:adfef0f4b6f0e1ff80faf2edb036fa612b8b462cc5dd25d2e1133a72a804c826_s390x
Red Hatmulticluster-engine/aws-encryption-provider-rhel8@sha256:d109655ca5f83da070a578c3e9b225d1f63fb6523461c2fd3bc1b9ea86ffeb13_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/aws-encryption-provider-rhel8@sha256:d109655ca5f83da070a578c3e9b225d1f63fb6523461c2fd3bc1b9ea86ffeb13_ppc64le, *
Red Hatmulticluster-engine/apiserver-network-proxy-rhel8@sha256:8c751b1ef9467a15cf117ce580224a86470ee4a6c0df2ca79ffd3bb8d29dd6bb_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, multicluster-engine/apiserver-network-proxy-rhel8@sha256:8c751b1ef9467a15cf117ce580224a86470ee4a6c0df2ca79ffd3bb8d29dd6bb_s390x
Red Hatmulticluster-engine/addon-manager-rhel8@sha256:8e360d0b2c3471faa15bb56672e9376b5c59dc095bbba99166a96df98faa6f7d_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/addon-manager-rhel8@sha256:8e360d0b2c3471faa15bb56672e9376b5c59dc095bbba99166a96df98faa6f7d_ppc64le
Red Hatmulticluster-engine/hypershift-rhel8-operator@sha256:030e5bb0f4c0179e0501bb9cce4a12f78bd74e22f993f3a16042dffc5336452c_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/hypershift-rhel8-operator@sha256:030e5bb0f4c0179e0501bb9cce4a12f78bd74e22f993f3a16042dffc5336452c_s390x, *
Red Hatmulticluster-engine/aws-encryption-provider-rhel8@sha256:e2230599d54a396b33c78d1ef51860941fb8d32c9ef6183f2044d18d3377dc73_arm64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, multicluster-engine/aws-encryption-provider-rhel8@sha256:e2230599d54a396b33c78d1ef51860941fb8d32c9ef6183f2044d18d3377dc73_arm64
Red Hatmulticluster-engine/managedcluster-import-controller-rhel8@sha256:cc3b09fbb0a8ef67c26c93158e9eac3fb82235011e8a9f37749d1afe24f6e141_amd64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, multicluster-engine/managedcluster-import-controller-rhel8@sha256:cc3b09fbb0a8ef67c26c93158e9eac3fb82235011e8a9f37749d1afe24f6e141_amd64
Red Hatmulticluster-engine/aws-encryption-provider-rhel8@sha256:7c081b1cf8d2c4fbbb8e3c7ec6510c0da038091b2d66e7ef17fda38d4fc56215_amd64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/aws-encryption-provider-rhel8@sha256:7c081b1cf8d2c4fbbb8e3c7ec6510c0da038091b2d66e7ef17fda38d4fc56215_amd64, *
Red Hatmulticluster-engine/placement-rhel8@sha256:903ac00e2b3012954e6f0006890b2c855071d1b57662f9253b435f54242ce191_amd64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/placement-rhel8@sha256:903ac00e2b3012954e6f0006890b2c855071d1b57662f9253b435f54242ce191_amd64, *
Red Hatmulticluster-engine/cluster-api-provider-aws-rhel8@sha256:54b5f4a1936d2c6fcaee7d032e677ae85fb5d2062469ea48c7be81e037b8a74d_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/cluster-api-provider-aws-rhel8@sha256:54b5f4a1936d2c6fcaee7d032e677ae85fb5d2062469ea48c7be81e037b8a74d_ppc64le, *
Red Hatmulticluster-engine/registration-rhel8@sha256:4c33cb263e08b24907b161828bc2104e0ca90c03297b8cf88af1fa81cbbed24a_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, multicluster-engine/registration-rhel8@sha256:4c33cb263e08b24907b161828bc2104e0ca90c03297b8cf88af1fa81cbbed24a_ppc64le
Red Hatmulticluster-engine/assisted-image-service-rhel8@sha256:69a265098a63d52b7fd48d0e203f98f65980a227bb84a12dc5b95faa9b8f6466_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, multicluster-engine/assisted-image-service-rhel8@sha256:69a265098a63d52b7fd48d0e203f98f65980a227bb84a12dc5b95faa9b8f6466_s390x
Red Hatmulticluster-engine/assisted-image-service-rhel8@sha256:69a265098a63d52b7fd48d0e203f98f65980a227bb84a12dc5b95faa9b8f6466_s390x as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/assisted-image-service-rhel8@sha256:69a265098a63d52b7fd48d0e203f98f65980a227bb84a12dc5b95faa9b8f6466_s390x
Red Hatmulticluster-engine/assisted-installer-reporter-rhel8@sha256:fb1d3465cff97b1a2a239d739e1104ca906dc4232963bbd518c5b786e76c6061_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/assisted-installer-reporter-rhel8@sha256:fb1d3465cff97b1a2a239d739e1104ca906dc4232963bbd518c5b786e76c6061_ppc64le
Red Hatmulticluster-engine/managedcluster-import-controller-rhel8@sha256:685449c2aa1c458d646e6aa6ec0a20e9ac47f61c03f95bf43e75aadd61f521fe_arm64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/managedcluster-import-controller-rhel8@sha256:685449c2aa1c458d646e6aa6ec0a20e9ac47f61c03f95bf43e75aadd61f521fe_arm64, *
Red Hatmulticluster-engine/assisted-installer-reporter-rhel8@sha256:7189cc7a296d6d4aaee6fc5c569975a5ec156a786c0ad749f802d516ff399802_arm64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/assisted-installer-reporter-rhel8@sha256:7189cc7a296d6d4aaee6fc5c569975a5ec156a786c0ad749f802d516ff399802_arm64
Red Hatmulticluster-engine/cluster-proxy-rhel8@sha256:5f18dcfc45fc7e2a25df68b8d22edffaf05da92ff77ded40c35cf6d3e7fd04b0_ppc64le as a component of multicluster engine for Kubernetes 2.4 for RHEL 8multicluster-engine/cluster-proxy-rhel8@sha256:5f18dcfc45fc7e2a25df68b8d22edffaf05da92ff77ded40c35cf6d3e7fd04b0_ppc64le, *
Red Hatmulticluster-engine/agent-service-rhel8@sha256:e412e953db02a989fa39786d832f456be199cd2cd7cd9ff9d78b8beadc6de2fb_amd64 as a component of multicluster engine for Kubernetes 2.4 for RHEL 8*, *

…and 268 more

Timeline

  • Jan 21, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›