VDB
RHSA-2025%3A0778
RHSA-2025%3A0778
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | multicluster-engine/must-gather-rhel9@sha256:b9671b1fb0f1282bd0c5decd52579877e00c78a2306ef7eacc7dd71f50b54856_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/must-gather-rhel9@sha256:b9671b1fb0f1282bd0c5decd52579877e00c78a2306ef7eacc7dd71f50b54856_ppc64le, *, * |
| Red Hat | multicluster-engine/cluster-proxy-rhel9@sha256:b462c4eebf8df2a0e3313ae3d7c8bf41cb2086a38b55cacd12ddcc4dfcb74eaf_arm64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, multicluster-engine/cluster-proxy-rhel9@sha256:b462c4eebf8df2a0e3313ae3d7c8bf41cb2086a38b55cacd12ddcc4dfcb74eaf_arm64, * |
| Red Hat | multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:937fb4ceb197f9ac97834fd7347ea2240c4d94e77fa47dc2863169f818d555a7_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:937fb4ceb197f9ac97834fd7347ea2240c4d94e77fa47dc2863169f818d555a7_amd64, * |
| Red Hat | multicluster-engine/multicloud-manager-rhel9@sha256:de125a1fa0055145af5b5a06e066fed7a334d61f3d37b07c5f5fcc69cdc4b612_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/multicloud-manager-rhel9@sha256:de125a1fa0055145af5b5a06e066fed7a334d61f3d37b07c5f5fcc69cdc4b612_amd64 |
| Red Hat | multicluster-engine/multicloud-manager-rhel9@sha256:e2033aece0f5503821df1d48b986da9fb4d8a493535c8c80196b1d742aec9515_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/multicloud-manager-rhel9@sha256:e2033aece0f5503821df1d48b986da9fb4d8a493535c8c80196b1d742aec9515_ppc64le |
| Red Hat | multicluster-engine/multicloud-manager-rhel9@sha256:7c9865e1115a389a65646c0ba1585b067dffdf9ae7c71137188b69d39046e1d4_arm64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/multicloud-manager-rhel9@sha256:7c9865e1115a389a65646c0ba1585b067dffdf9ae7c71137188b69d39046e1d4_arm64 |
| Red Hat | multicluster-engine/clusterclaims-controller-rhel9@sha256:545e85f0bcb7e0b589cab05232efef15c8e995164095e15d00a45e19455b57f2_s390x as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/clusterclaims-controller-rhel9@sha256:545e85f0bcb7e0b589cab05232efef15c8e995164095e15d00a45e19455b57f2_s390x |
| Red Hat | multicluster-engine/cluster-api-rhel9@sha256:4fd8f7897b215c77b8b1312af2a974a493911fd3af084a2cb15fc3bb3a7d5085_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, *, * |
| Red Hat | multicluster-engine/cluster-api-provider-agent-rhel9@sha256:0e030e5e7bc120412e0bc2a72e5823486b4fcf530214dfbc73edb2bba86edb80_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/cluster-api-provider-agent-rhel9@sha256:0e030e5e7bc120412e0bc2a72e5823486b4fcf530214dfbc73edb2bba86edb80_amd64, *, * |
| Red Hat | multicluster-engine/registration-operator-rhel9@sha256:72f4d6f9033608178434289dfb2670281a646893eda4329c8e59db24912a669f_arm64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | multicluster-engine/registration-operator-rhel9@sha256:72f4d6f9033608178434289dfb2670281a646893eda4329c8e59db24912a669f_arm64 |
| Red Hat | multicluster-engine/cluster-curator-controller-rhel9@sha256:2b325585d76a8a5e1a6bbbb5085ab920fe496617b7dcda1b7e5a665ae3862fea_arm64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, *, multicluster-engine/cluster-curator-controller-rhel9@sha256:2b325585d76a8a5e1a6bbbb5085ab920fe496617b7dcda1b7e5a665ae3862fea_arm64 |
| Red Hat | multicluster-engine/backplane-rhel9-operator@sha256:d7b47a1d8292ec1560c9253776bd15fa74a52a13f5bdaa334341bd7892ad6661_s390x as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, *, multicluster-engine/backplane-rhel9-operator@sha256:d7b47a1d8292ec1560c9253776bd15fa74a52a13f5bdaa334341bd7892ad6661_s390x |
| Red Hat | multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:2b7143a4591f93af9ef0f9642a0a9c56807c40050bd54dcd056249468aaccc98_s390x as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | * |
| Red Hat | multicluster-engine/placement-rhel9@sha256:862b376c1666bde8f0c9b61e475af29869980c944793cc725e00c8b19e6e9ab3_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, multicluster-engine/placement-rhel9@sha256:862b376c1666bde8f0c9b61e475af29869980c944793cc725e00c8b19e6e9ab3_amd64, * |
| Red Hat | multicluster-engine/cluster-api-provider-agent-rhel9@sha256:0e030e5e7bc120412e0bc2a72e5823486b4fcf530214dfbc73edb2bba86edb80_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | * |
| Red Hat | multicluster-engine/assisted-installer-agent-rhel8@sha256:ceb2cb92d5f41ae8b8d3b92b408a33077f9d6ff3bf8dc1d962fe74360307c032_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 8 | multicluster-engine/assisted-installer-agent-rhel8@sha256:ceb2cb92d5f41ae8b8d3b92b408a33077f9d6ff3bf8dc1d962fe74360307c032_ppc64le, *, * |
| Red Hat | multicluster-engine/hypershift-addon-rhel9-operator@sha256:2e87a5abde094cf1fd05ea5bff115c00c24dab65f5f30f1172a711d9c9f2090d_amd64 as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, *, * |
| Red Hat | multicluster-engine/hive-rhel9@sha256:8a95d314db12475860526ed668ba588486ea9b7d65f2cdd6a8f5bd5979d40b57_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 9 | *, multicluster-engine/hive-rhel9@sha256:8a95d314db12475860526ed668ba588486ea9b7d65f2cdd6a8f5bd5979d40b57_ppc64le, * |
| Red Hat | multicluster-engine/assisted-service-8-rhel8@sha256:17b916c7744b3da2b777d55346ae4132aa960d4e8e0daf101cfdbf89d8963c61_ppc64le as a component of multicluster engine for Kubernetes 2.6 for RHEL 8 | multicluster-engine/assisted-service-8-rhel8@sha256:17b916c7744b3da2b777d55346ae4132aa960d4e8e0daf101cfdbf89d8963c61_ppc64le, *, * |
…and 260 more
Timeline
- Jan 28, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:0778 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2331063 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0778.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45337 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337 advisory
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 advisory
- https://go.dev/cl/635315 advisory
- https://go.dev/issue/70779 advisory
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3321 advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
…and 7 more