vulnerability
CentOS Linux: CVE-2020-14145: Moderate: openssh security update (CESA-2021:4368)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 2020-06-29 | 2021-11-10 | 2023-05-25 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
2020-06-29
Added
2021-11-10
Modified
2023-05-25
Description
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Solution(s)
centos-upgrade-opensshcentos-upgrade-openssh-askpasscentos-upgrade-openssh-askpass-debuginfocentos-upgrade-openssh-cavscentos-upgrade-openssh-cavs-debuginfocentos-upgrade-openssh-clientscentos-upgrade-openssh-clients-debuginfocentos-upgrade-openssh-debuginfocentos-upgrade-openssh-debugsourcecentos-upgrade-openssh-keycatcentos-upgrade-openssh-keycat-debuginfocentos-upgrade-openssh-ldapcentos-upgrade-openssh-ldap-debuginfocentos-upgrade-openssh-servercentos-upgrade-openssh-server-debuginfocentos-upgrade-pam_ssh_agent_authcentos-upgrade-pam_ssh_agent_auth-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.