CVE-2018-15473
Public on 2018-08-17
Modified on 2023-03-27
Description
A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | openssh | 2018-09-05 | ALAS-2018-1075 | Fixed |
| Amazon Linux 2 - Core | openssh | 2018-09-20 | ALAS2-2018-1075 | Fixed |
| Amazon Linux 2023 | openssh | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |