Your submission was sent successfully! Close

CVE-2022-24302

Published: 17 March 2022

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
paramiko
Launchpad, Ubuntu, Debian
bionic
Released (2.0.0-1ubuntu1.3)
focal
Released (2.6.0-2ubuntu0.1)
impish
Released (2.7.2-1ubuntu1.1)
jammy
Released (2.8.1-1ubuntu3)
kinetic
Released (2.8.1-1ubuntu3)
trusty Needs triage

upstream Needs triage

xenial
Released (1.16.0-1ubuntu0.2+esm2)
Patches:
upstream: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)