VDB
RHSA-2025%3A1710
RHSA-2025%3A1710
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ingress-node-firewall-rhel9-operator@sha256:75159b34761f26432767f8d3e04a02e3207edfaa3f89b04fe73a04bd5fec4a0c_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ingress-node-firewall-rhel9-operator@sha256:75159b34761f26432767f8d3e04a02e3207edfaa3f89b04fe73a04bd5fec4a0c_s390x |
| Red Hat | openshift4/ose-cluster-capacity@sha256:ac7fca76edd63cbf30b7c52ed33368f8ff56714f43380985d76d5dff0b357f86_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-cluster-capacity@sha256:ac7fca76edd63cbf30b7c52ed33368f8ff56714f43380985d76d5dff0b357f86_s390x |
| Red Hat | openshift4/metallb-rhel9@sha256:1fc3f2420c0df28ac479220a6632b9ba15b1f5005aaa1253b34061eb5e866cf1_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/metallb-rhel9@sha256:1fc3f2420c0df28ac479220a6632b9ba15b1f5005aaa1253b34061eb5e866cf1_arm64 |
| Red Hat | openshift4/ose-sriov-infiniband-cni-rhel9@sha256:e5e2aa8e19bda76eb4d2c4de0d3fdb282e87746c5ddbaf5731f136766ad46ff1_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | openshift4/ose-helm-operator@sha256:790dc84af308a452f1cc717299a48cdaafb6c18069f4e09e91fdeb8713a159a5_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-helm-operator@sha256:790dc84af308a452f1cc717299a48cdaafb6c18069f4e09e91fdeb8713a159a5_s390x |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:9531c995e4acf693c0a055150f16bd6f49d6e8b5191e48feb069e80138c81b1d_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:9531c995e4acf693c0a055150f16bd6f49d6e8b5191e48feb069e80138c81b1d_s390x, * |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:423cf92b2eb4ab2e7d595955f8a76fc98a18298a6427aa4be08da445ed37dff8_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-ptp-rhel9-operator@sha256:423cf92b2eb4ab2e7d595955f8a76fc98a18298a6427aa4be08da445ed37dff8_amd64, * |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:59402493e671f55e1716d3fe86f86c81e723a50e683cf37b55c5d32cae5d90dd_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:59402493e671f55e1716d3fe86f86c81e723a50e683cf37b55c5d32cae5d90dd_ppc64le, * |
| Red Hat | openshift4/ose-helm-operator@sha256:6826bda416967c8ea274af9579ea24d740c061efa204f92965983963ede9399d_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-helm-operator@sha256:6826bda416967c8ea274af9579ea24d740c061efa204f92965983963ede9399d_arm64 |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:5439a47c3187573b7bcba72a1da8718ffee0031e4c0b963431ee364e17b4b7e9_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-cluster-nfd-rhel9-operator@sha256:d8c7d65cbaf941d24992140c9c1479fe5e3960ed729b065d7bceb555354aff60_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-nfd-rhel9-operator@sha256:d8c7d65cbaf941d24992140c9c1479fe5e3960ed729b065d7bceb555354aff60_s390x |
| Red Hat | openshift4/ose-cluster-capacity@sha256:1f494087f95a5a31e3bac58c1657bfd6d6b5d216648d2cb8f303148c45271efe_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-cluster-capacity@sha256:1f494087f95a5a31e3bac58c1657bfd6d6b5d216648d2cb8f303148c45271efe_ppc64le |
| Red Hat | openshift4/ose-sriov-network-device-plugin-rhel9@sha256:87e365c232fbef5f43db1f22ec674d0204f4066e2f57806bd492d0d6e5030ad2_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-sriov-network-device-plugin-rhel9@sha256:87e365c232fbef5f43db1f22ec674d0204f4066e2f57806bd492d0d6e5030ad2_ppc64le |
| Red Hat | openshift4/metallb-rhel9-operator@sha256:74208173ce15402001bdf1d95a89b5c777ce88ff24b754b84c08a13cfbfc2dd7_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/metallb-rhel9-operator@sha256:74208173ce15402001bdf1d95a89b5c777ce88ff24b754b84c08a13cfbfc2dd7_amd64 |
| Red Hat | openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:c0c51cc46998f78559346076375e059b7b4837b26eee64b0e3365d3498d64743_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:c0c51cc46998f78559346076375e059b7b4837b26eee64b0e3365d3498d64743_arm64, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9@sha256:78892fea396f3f4b5e3d3c6e563ae506edaf30abc5f876363878b6fb3c8b2042_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-clusterresourceoverride-rhel9@sha256:78892fea396f3f4b5e3d3c6e563ae506edaf30abc5f876363878b6fb3c8b2042_s390x |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:cde702d6aced71b11c43d6da5e331f8e08e42263a76d3429089d733243921361_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-operator-sdk-rhel8@sha256:cde702d6aced71b11c43d6da5e331f8e08e42263a76d3429089d733243921361_amd64 |
| Red Hat | openshift4/ingress-node-firewall-rhel9@sha256:62b4f26b6782f2d8d755e5cea898fe7e002c8109140500eef9f5b4139f4115ce_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ingress-node-firewall-rhel9@sha256:62b4f26b6782f2d8d755e5cea898fe7e002c8109140500eef9f5b4139f4115ce_arm64 |
| Red Hat | openshift4/ose-ansible-operator@sha256:b2bd5e30b634e2b333d4a65635a0145e25690873d848bd8b0afd260c0be91555_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ansible-operator@sha256:b2bd5e30b634e2b333d4a65635a0145e25690873d848bd8b0afd260c0be91555_amd64 |
| Red Hat | openshift4/ose-egress-router@sha256:71f219548afa5b1a97ac18209b78dfa6046d76055712bd4679fa744944245185_s390x as a component of Red Hat OpenShift Container Platform 4.15 | * |
…and 299 more
Timeline
- Feb 27, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:1710 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333856 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1710.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45337 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337 advisory
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 advisory
- https://go.dev/cl/635315 advisory
- https://go.dev/issue/70779 advisory
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3321 advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
…and 7 more