VDB

RHSA-2025%3A1710

RHSA-2025%3A1710 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ingress-node-firewall-rhel9-operator@sha256:75159b34761f26432767f8d3e04a02e3207edfaa3f89b04fe73a04bd5fec4a0c_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ingress-node-firewall-rhel9-operator@sha256:75159b34761f26432767f8d3e04a02e3207edfaa3f89b04fe73a04bd5fec4a0c_s390x
Red Hatopenshift4/ose-cluster-capacity@sha256:ac7fca76edd63cbf30b7c52ed33368f8ff56714f43380985d76d5dff0b357f86_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/ose-cluster-capacity@sha256:ac7fca76edd63cbf30b7c52ed33368f8ff56714f43380985d76d5dff0b357f86_s390x
Red Hatopenshift4/metallb-rhel9@sha256:1fc3f2420c0df28ac479220a6632b9ba15b1f5005aaa1253b34061eb5e866cf1_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/metallb-rhel9@sha256:1fc3f2420c0df28ac479220a6632b9ba15b1f5005aaa1253b34061eb5e866cf1_arm64
Red Hatopenshift4/ose-sriov-infiniband-cni-rhel9@sha256:e5e2aa8e19bda76eb4d2c4de0d3fdb282e87746c5ddbaf5731f136766ad46ff1_amd64 as a component of Red Hat OpenShift Container Platform 4.15*
Red Hatopenshift4/ose-helm-operator@sha256:790dc84af308a452f1cc717299a48cdaafb6c18069f4e09e91fdeb8713a159a5_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/ose-helm-operator@sha256:790dc84af308a452f1cc717299a48cdaafb6c18069f4e09e91fdeb8713a159a5_s390x
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:9531c995e4acf693c0a055150f16bd6f49d6e8b5191e48feb069e80138c81b1d_s390x as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:9531c995e4acf693c0a055150f16bd6f49d6e8b5191e48feb069e80138c81b1d_s390x, *
Red Hatopenshift4/ose-ptp-rhel9-operator@sha256:423cf92b2eb4ab2e7d595955f8a76fc98a18298a6427aa4be08da445ed37dff8_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-ptp-rhel9-operator@sha256:423cf92b2eb4ab2e7d595955f8a76fc98a18298a6427aa4be08da445ed37dff8_amd64, *
Red Hatopenshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:59402493e671f55e1716d3fe86f86c81e723a50e683cf37b55c5d32cae5d90dd_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:59402493e671f55e1716d3fe86f86c81e723a50e683cf37b55c5d32cae5d90dd_ppc64le, *
Red Hatopenshift4/ose-helm-operator@sha256:6826bda416967c8ea274af9579ea24d740c061efa204f92965983963ede9399d_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-helm-operator@sha256:6826bda416967c8ea274af9579ea24d740c061efa204f92965983963ede9399d_arm64
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:5439a47c3187573b7bcba72a1da8718ffee0031e4c0b963431ee364e17b4b7e9_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatopenshift4/ose-cluster-nfd-rhel9-operator@sha256:d8c7d65cbaf941d24992140c9c1479fe5e3960ed729b065d7bceb555354aff60_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-cluster-nfd-rhel9-operator@sha256:d8c7d65cbaf941d24992140c9c1479fe5e3960ed729b065d7bceb555354aff60_s390x
Red Hatopenshift4/ose-cluster-capacity@sha256:1f494087f95a5a31e3bac58c1657bfd6d6b5d216648d2cb8f303148c45271efe_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/ose-cluster-capacity@sha256:1f494087f95a5a31e3bac58c1657bfd6d6b5d216648d2cb8f303148c45271efe_ppc64le
Red Hatopenshift4/ose-sriov-network-device-plugin-rhel9@sha256:87e365c232fbef5f43db1f22ec674d0204f4066e2f57806bd492d0d6e5030ad2_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-sriov-network-device-plugin-rhel9@sha256:87e365c232fbef5f43db1f22ec674d0204f4066e2f57806bd492d0d6e5030ad2_ppc64le
Red Hatopenshift4/metallb-rhel9-operator@sha256:74208173ce15402001bdf1d95a89b5c777ce88ff24b754b84c08a13cfbfc2dd7_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/metallb-rhel9-operator@sha256:74208173ce15402001bdf1d95a89b5c777ce88ff24b754b84c08a13cfbfc2dd7_amd64
Red Hatopenshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:c0c51cc46998f78559346076375e059b7b4837b26eee64b0e3365d3498d64743_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:c0c51cc46998f78559346076375e059b7b4837b26eee64b0e3365d3498d64743_arm64, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel9@sha256:78892fea396f3f4b5e3d3c6e563ae506edaf30abc5f876363878b6fb3c8b2042_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/ose-clusterresourceoverride-rhel9@sha256:78892fea396f3f4b5e3d3c6e563ae506edaf30abc5f876363878b6fb3c8b2042_s390x
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:cde702d6aced71b11c43d6da5e331f8e08e42263a76d3429089d733243921361_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, openshift4/ose-operator-sdk-rhel8@sha256:cde702d6aced71b11c43d6da5e331f8e08e42263a76d3429089d733243921361_amd64
Red Hatopenshift4/ingress-node-firewall-rhel9@sha256:62b4f26b6782f2d8d755e5cea898fe7e002c8109140500eef9f5b4139f4115ce_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ingress-node-firewall-rhel9@sha256:62b4f26b6782f2d8d755e5cea898fe7e002c8109140500eef9f5b4139f4115ce_arm64
Red Hatopenshift4/ose-ansible-operator@sha256:b2bd5e30b634e2b333d4a65635a0145e25690873d848bd8b0afd260c0be91555_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-ansible-operator@sha256:b2bd5e30b634e2b333d4a65635a0145e25690873d848bd8b0afd260c0be91555_amd64
Red Hatopenshift4/ose-egress-router@sha256:71f219548afa5b1a97ac18209b78dfa6046d76055712bd4679fa744944245185_s390x as a component of Red Hat OpenShift Container Platform 4.15*

…and 299 more

Timeline

  • Feb 27, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›