VDB

RHSA-2025%3A3542

RHSA-2025%3A3542 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatodf4/mcg-rhel9-operator@sha256:86347d437ac659fbba7ca5d630f67d6dfaf9b96b24bbe0d74353bcf5dea0c593_arm64 as a component of RHODF 4.15 for RHEL 9*, *, *
Red Hatodf4/ocs-client-rhel9-operator@sha256:6d76e5388f91606338eb730c7ab757352ec2c0e163c02222014262d953667810_amd64 as a component of RHODF 4.15 for RHEL 9odf4/ocs-client-rhel9-operator@sha256:6d76e5388f91606338eb730c7ab757352ec2c0e163c02222014262d953667810_amd64, *, *
Red Hatodf4/ocs-metrics-exporter-rhel9@sha256:a83fb46285e3e5fb176799edbb7b58f75db44bee6e5bce5009b58d08f742bf5b_s390x as a component of RHODF 4.15 for RHEL 9*, *, odf4/ocs-metrics-exporter-rhel9@sha256:a83fb46285e3e5fb176799edbb7b58f75db44bee6e5bce5009b58d08f742bf5b_s390x
Red Hatodf4/odf-multicluster-rhel9-operator@sha256:18cc0feb72e3373314a76d955ee7658f5ebfa2d7626a604a5a71cb0a6d377a99_amd64 as a component of RHODF 4.15 for RHEL 9*, odf4/odf-multicluster-rhel9-operator@sha256:18cc0feb72e3373314a76d955ee7658f5ebfa2d7626a604a5a71cb0a6d377a99_amd64, *
Red Hatodf4/ocs-client-operator-bundle@sha256:c81ab813061a01f78cfd4c278f0dfee3c8dc15f04c87d924eae9866adf020309_ppc64le as a component of RHODF 4.15 for RHEL 9odf4/ocs-client-operator-bundle@sha256:c81ab813061a01f78cfd4c278f0dfee3c8dc15f04c87d924eae9866adf020309_ppc64le, *, *
Red Hatodf4/odf-rhel9-operator@sha256:d13a6ec8126d862628abdeb4a98f4cb6c177e10856c347d118ec2ce02a550055_arm64 as a component of RHODF 4.15 for RHEL 9*, *, *
Red Hatodf4/odf-cosi-sidecar-rhel9@sha256:dd2ca2b97888416c8b80afea093b72448dc86629bb1c639e9678c2c692e0ec39_amd64 as a component of RHODF 4.15 for RHEL 9*, odf4/odf-cosi-sidecar-rhel9@sha256:dd2ca2b97888416c8b80afea093b72448dc86629bb1c639e9678c2c692e0ec39_amd64, *
Red Hatodf4/odf-csi-addons-operator-bundle@sha256:7227150cea2a8adcc29e12b3da59587aa1a6c52a32cdd48c41c3a81b613b91cd_amd64 as a component of RHODF 4.15 for RHEL 9odf4/odf-csi-addons-operator-bundle@sha256:7227150cea2a8adcc29e12b3da59587aa1a6c52a32cdd48c41c3a81b613b91cd_amd64
Red Hatodf4/odf-csi-addons-operator-bundle@sha256:450915fa93b94ccbbf053e62df503b53537435a3f41a0c38198f78ea1e94b80b_ppc64le as a component of RHODF 4.15 for RHEL 9odf4/odf-csi-addons-operator-bundle@sha256:450915fa93b94ccbbf053e62df503b53537435a3f41a0c38198f78ea1e94b80b_ppc64le
Red Hatodf4/odf-csi-addons-sidecar-rhel9@sha256:869c78d037b918ed96f8288c189dffb3a73a2e056ca210483c7ef98866bbbfb8_s390x as a component of RHODF 4.15 for RHEL 9odf4/odf-csi-addons-sidecar-rhel9@sha256:869c78d037b918ed96f8288c189dffb3a73a2e056ca210483c7ef98866bbbfb8_s390x
Red Hatodf4/odf-multicluster-operator-bundle@sha256:5ee30837a0b18143ed4410a879449197df831aa9da3f9e34d984bba54ea4933a_s390x as a component of RHODF 4.15 for RHEL 9*, odf4/odf-multicluster-operator-bundle@sha256:5ee30837a0b18143ed4410a879449197df831aa9da3f9e34d984bba54ea4933a_s390x, *
Red Hatodf4/odf-csi-addons-operator-bundle@sha256:f97ff3b4f983ddd30285d8e8c0816b47f93b3e389791363d14d2e912bfc7606b_s390x as a component of RHODF 4.15 for RHEL 9odf4/odf-csi-addons-operator-bundle@sha256:f97ff3b4f983ddd30285d8e8c0816b47f93b3e389791363d14d2e912bfc7606b_s390x
Red Hatodf4/odr-cluster-operator-bundle@sha256:1555cb387d9245294fb2a4a769d16850fa81d23c3cd37ae12db1b236958920bd_ppc64le as a component of RHODF 4.15 for RHEL 9*, odf4/odr-cluster-operator-bundle@sha256:1555cb387d9245294fb2a4a769d16850fa81d23c3cd37ae12db1b236958920bd_ppc64le, *
Red Hatodf4/odr-hub-operator-bundle@sha256:102ecaa53a174455c8392a9e221dd0f332613fc0c0e206182c4c483cbd7f9ff3_s390x as a component of RHODF 4.15 for RHEL 9*, odf4/odr-hub-operator-bundle@sha256:102ecaa53a174455c8392a9e221dd0f332613fc0c0e206182c4c483cbd7f9ff3_s390x, *
Red Hatodf4/odf-must-gather-rhel9@sha256:1d0044891f122b29fe37da51ba2058b0e35f40bcf382750d5953f2fa747df2e3_amd64 as a component of RHODF 4.15 for RHEL 9odf4/odf-must-gather-rhel9@sha256:1d0044891f122b29fe37da51ba2058b0e35f40bcf382750d5953f2fa747df2e3_amd64
Red Hatodf4/ocs-rhel9-operator@sha256:5424e130fb363a582a73e9b6168323bf02c68a52b2d57fe6d08a8f15eb9329c6_s390x as a component of RHODF 4.15 for RHEL 9*
Red Hatodf4/odf-operator-bundle@sha256:b48272102bd84914525944f43b25424ac8107684604c5467dc8fe8621567368c_ppc64le as a component of RHODF 4.15 for RHEL 9*
Red Hatodf4/ocs-rhel9-operator@sha256:e53a5a6beacd5f4b0a261086c3cd8320bca975293d19bd44e722ac027541f323_arm64 as a component of RHODF 4.15 for RHEL 9*
Red Hatodf4/mcg-operator-bundle@sha256:54996beca536094a30d924c43e3a52ff615437e08b0bfae28589194819bb7e7b_amd64 as a component of RHODF 4.15 for RHEL 9odf4/mcg-operator-bundle@sha256:54996beca536094a30d924c43e3a52ff615437e08b0bfae28589194819bb7e7b_amd64
Red Hatodf4/odf-multicluster-console-rhel9@sha256:c20ff224739974a68d1397ee45520d0d1d00af115b0f8777a8a8ffb70811762f_s390x as a component of RHODF 4.15 for RHEL 9*, *, *

…and 161 more

Timeline

  • Apr 2, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›