VDB
RHSA-2025%3A1332
RHSA-2025%3A1332
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:e2127bc946ad3aea529e9347eff91d5250caa51b262c5db15d7a6b207b3ae42a_s390x as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9@sha256:e2127bc946ad3aea529e9347eff91d5250caa51b262c5db15d7a6b207b3ae42a_s390x |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:411a3bcf728789173eaa2779117fe83153cf6ed92d029f29e942b8af83faf06f_s390x as a component of gatekeeper 3.15 for RHEL 9 | *, gatekeeper/gatekeeper-rhel9-operator@sha256:411a3bcf728789173eaa2779117fe83153cf6ed92d029f29e942b8af83faf06f_s390x, * |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:e2127bc946ad3aea529e9347eff91d5250caa51b262c5db15d7a6b207b3ae42a_s390x as a component of gatekeeper 3.15 for RHEL 9 | *, *, * |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:d5a7e41d658fcf97ddfc643bf199a85e32e7fb2c1be7c9536d2270d070afc523_arm64 as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9@sha256:d5a7e41d658fcf97ddfc643bf199a85e32e7fb2c1be7c9536d2270d070afc523_arm64 |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:11a924ee37ee6a1839226ef958a6180508e6b774b0905cd238f1b0839179c79a_amd64 as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9-operator@sha256:11a924ee37ee6a1839226ef958a6180508e6b774b0905cd238f1b0839179c79a_amd64 |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:411a3bcf728789173eaa2779117fe83153cf6ed92d029f29e942b8af83faf06f_s390x as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9-operator@sha256:411a3bcf728789173eaa2779117fe83153cf6ed92d029f29e942b8af83faf06f_s390x |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:39d361449563ca2ee180e2ff713d157c437e89eeef3bd219851c65bcdee1734c_arm64 as a component of gatekeeper 3.15 for RHEL 9 | *, *, * |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:75b77a63258a21ed2e858e3e6e5f666976dac1f57b270ed3ddf4b1a4b1f2c2b8_ppc64le as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9@sha256:75b77a63258a21ed2e858e3e6e5f666976dac1f57b270ed3ddf4b1a4b1f2c2b8_ppc64le |
| Red Hat | gatekeeper/gatekeeper-operator-bundle | |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:4c068b81f1c0d0f2047b5a396420017563209122f44c31eb855b8921e434a4c5_ppc64le as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9-operator@sha256:4c068b81f1c0d0f2047b5a396420017563209122f44c31eb855b8921e434a4c5_ppc64le |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:777fcd326977c63e8fc2970734374e84c26293930fc0576ddcf1ca29ac8163ca_amd64 as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9@sha256:777fcd326977c63e8fc2970734374e84c26293930fc0576ddcf1ca29ac8163ca_amd64 |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:777fcd326977c63e8fc2970734374e84c26293930fc0576ddcf1ca29ac8163ca_amd64 as a component of gatekeeper 3.15 for RHEL 9 | *, *, * |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:75b77a63258a21ed2e858e3e6e5f666976dac1f57b270ed3ddf4b1a4b1f2c2b8_ppc64le as a component of gatekeeper 3.15 for RHEL 9 | *, gatekeeper/gatekeeper-rhel9@sha256:75b77a63258a21ed2e858e3e6e5f666976dac1f57b270ed3ddf4b1a4b1f2c2b8_ppc64le, * |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:4c068b81f1c0d0f2047b5a396420017563209122f44c31eb855b8921e434a4c5_ppc64le as a component of gatekeeper 3.15 for RHEL 9 | gatekeeper/gatekeeper-rhel9-operator@sha256:4c068b81f1c0d0f2047b5a396420017563209122f44c31eb855b8921e434a4c5_ppc64le, *, * |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:39d361449563ca2ee180e2ff713d157c437e89eeef3bd219851c65bcdee1734c_arm64 as a component of gatekeeper 3.15 for RHEL 9 | * |
| Red Hat | gatekeeper/gatekeeper-rhel9@sha256:d5a7e41d658fcf97ddfc643bf199a85e32e7fb2c1be7c9536d2270d070afc523_arm64 as a component of gatekeeper 3.15 for RHEL 9 | *, *, gatekeeper/gatekeeper-rhel9@sha256:d5a7e41d658fcf97ddfc643bf199a85e32e7fb2c1be7c9536d2270d070afc523_arm64 |
| Red Hat | gatekeeper/gatekeeper-operator-bundle@sha256:9f6e54feb9b36b5ffe08ead26b17891902452eb28de0d64cf775d9fdc35309e7_amd64 as a component of gatekeeper 3.15 for RHEL 9 | *, gatekeeper/gatekeeper-operator-bundle@sha256:9f6e54feb9b36b5ffe08ead26b17891902452eb28de0d64cf775d9fdc35309e7_amd64, * |
| Red Hat | gatekeeper/gatekeeper-rhel9-operator@sha256:11a924ee37ee6a1839226ef958a6180508e6b774b0905cd238f1b0839179c79a_amd64 as a component of gatekeeper 3.15 for RHEL 9 | *, gatekeeper/gatekeeper-rhel9-operator@sha256:11a924ee37ee6a1839226ef958a6180508e6b774b0905cd238f1b0839179c79a_amd64, * |
| Red Hat | gatekeeper/gatekeeper-operator-bundle@sha256:9f6e54feb9b36b5ffe08ead26b17891902452eb28de0d64cf775d9fdc35309e7_amd64 as a component of gatekeeper 3.15 for RHEL 9 | * |
Timeline
- Feb 12, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:1332 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.0 advisory
- https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.1 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://issues.redhat.com/browse/HYPBLD-546 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1332.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45337 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337 advisory
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 advisory
- https://go.dev/cl/635315 advisory
- https://go.dev/issue/70779 advisory
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3321 advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
…and 3 more