VDB
RHSA-2025%3A19306
RHSA-2025%3A19306
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-openstack-cloud-controller-manager-rhel9@sha256:7d482a6204223e73e4dfa0013f4ba20db1d04c7a8c2881dd4b9a58e6e7d25f09_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-rhel9-operator@sha256:4c797b6452d7bcaad38f37c65d0618f5dcc998ac5c27c20e9a11b155830599d9_s390x as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-baremetal-rhel9-operator@sha256:4c797b6452d7bcaad38f37c65d0618f5dcc998ac5c27c20e9a11b155830599d9_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-kube-storage-version-migrator-rhel9@sha256:1ce7092cace33e4ab97d548ab4c9a2388dd84e53bab452a7458c8a5ed4495701_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-kube-storage-version-migrator-rhel9@sha256:1ce7092cace33e4ab97d548ab4c9a2388dd84e53bab452a7458c8a5ed4495701_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-ingress-rhel9-operator@sha256:b3b52c01b3d3351317eac2e4cb1e2b76bb4eb0b4698990b8468a9c26f42ad820_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-cluster-ingress-rhel9-operator@sha256:b3b52c01b3d3351317eac2e4cb1e2b76bb4eb0b4698990b8468a9c26f42ad820_ppc64le |
| Red Hat | registry.redhat.io/openshift4/oc-mirror-plugin-rhel9@sha256:0e033237871e3e7ce2f0c11741dd6ffade3419f95b6b8600f7cb0a024bc89e0d_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/oc-mirror-plugin-rhel9@sha256:0e033237871e3e7ce2f0c11741dd6ffade3419f95b6b8600f7cb0a024bc89e0d_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-machine-os-images-rhel8@sha256:36fa337753dd82ecf610b3cd5bc3c32b4d863e7ef6326610004d5ad2e9e8a369_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-machine-os-images-rhel8@sha256:36fa337753dd82ecf610b3cd5bc3c32b4d863e7ef6326610004d5ad2e9e8a369_amd64 |
| Red Hat | registry.redhat.io/openshift4/kubevirt-csi-driver-rhel8@sha256:31b6d68104fe1044f063ba297e9d9e69c1e55b95b26f1e33f93a2573d66814bd_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-bootstrap-rhel9@sha256:74ffdaffe00b754bdad913e6699b44aa293f880e3803c00708d853202c20f745_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-cluster-bootstrap-rhel9@sha256:74ffdaffe00b754bdad913e6699b44aa293f880e3803c00708d853202c20f745_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:008744686fcf83e9d9d4abd55bf1622d0e9f886570613835d29ac3c8cf9ad648_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:008744686fcf83e9d9d4abd55bf1622d0e9f886570613835d29ac3c8cf9ad648_amd64 |
| Red Hat | registry.redhat.io/openshift4/ovirt-csi-driver-rhel9@sha256:966501e1f2fc5f70670211953ade31dc37f0c86e647e40ea56aae47d3e0c1a90_s390x as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ovirt-csi-driver-rhel9@sha256:966501e1f2fc5f70670211953ade31dc37f0c86e647e40ea56aae47d3e0c1a90_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-cli-artifacts@sha256:de303accc9d9479b98214dda863ead61ef4ff07d24234b4a23ffd1e7e1c8b540_s390x as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:517c74dcfbaff35ef2ba329a74a70402a228c77da442d263e5d3080ff7193965_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:517c74dcfbaff35ef2ba329a74a70402a228c77da442d263e5d3080ff7193965_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:9864736555736cb9912dcb1c72f7d85aa75ec96286972312c2d0a3fc24788d42_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:9864736555736cb9912dcb1c72f7d85aa75ec96286972312c2d0a3fc24788d42_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:38370fdd1910afe69d0b9e6ca55873e2db83b50f2182cef88ed7b12697ffcdd6_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:38370fdd1910afe69d0b9e6ca55873e2db83b50f2182cef88ed7b12697ffcdd6_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:8728d2c64b36f2c3fb9a52a1bf7ae98c5b113dc06ed7cca49c7b3e9f1789bcfe_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-update-keys-rhel9@sha256:d2b5095502841f6654d21fddffc781f20990b586480eb4b56fc6414ed291d7eb_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-api-rhel9@sha256:0cb142098aca9137dacebf1790becca57f45e736d0ec049d6e900d6328ac28a1_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-cluster-api-rhel9@sha256:0cb142098aca9137dacebf1790becca57f45e736d0ec049d6e900d6328ac28a1_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-aws-ebs-csi-driver-rhel9@sha256:acaca7b68e729672aacec5b83f5349dee6eb0cc360e5f600aa9103e9026e8501_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-aws-ebs-csi-driver-rhel9@sha256:acaca7b68e729672aacec5b83f5349dee6eb0cc360e5f600aa9103e9026e8501_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-livenessprobe-rhel8@sha256:dcff01fb6c0c0477daca085f3ad54d39b6480f139ed59cd1fd4eea9077068889_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-csi-livenessprobe-rhel8@sha256:dcff01fb6c0c0477daca085f3ad54d39b6480f139ed59cd1fd4eea9077068889_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:326ec4eb64e1da8db46c9bdfa4e0ae03732a863eafad17e4ebf0dc63698acfae_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | registry.redhat.io/openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:326ec4eb64e1da8db46c9bdfa4e0ae03732a863eafad17e4ebf0dc63698acfae_amd64 |
…and 1300 more
Timeline
- Nov 6, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:19306 advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://access.redhat.com/security/cve/CVE-2024-48910 advisory
- https://access.redhat.com/security/cve/CVE-2025-22871 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19306.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720 issue
- https://www.cve.org/CVERecord?id=CVE-2024-45337 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337 advisory
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 advisory
- https://go.dev/cl/635315 advisory
- https://go.dev/issue/70779 advisory
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3321 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2322949 issue
- https://www.cve.org/CVERecord?id=CVE-2024-48910 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-48910 advisory
- https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc advisory
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2358493 issue
…and 6 more